Data terminal managing ciphered content data and license acquired by software

ABSTRACT

A hard disk (530) of a personal computer has a content list file (150) and an encrypted private file (162). A license administration device (520) stores a binding key Kb in a license region (5215B) of a memory. The encrypted private file (162) can be decrypted and encrypted with the binding key Kb stored in the license administration device (520). The license of the obtained and encrypted content data is stored as private information in the encrypted private file (162). Consequently, the encrypted content data and the license distributed by software can be shifted to another data terminal device.

TECHNICAL FIELD

The present invention relates to a data terminal device used in a data distribution system, which can secure a copyright relating to copied information.

BACKGROUND ART

Owing to progress in information communication networks such as the Internet in recent years, users can easily access network information through personal terminals employing cellular phones or the like.

Over such an information communication network, information is transmitted as digital signals. Therefore, each user can copy music data and movie data, which are transmitted via the information communication network, without substantial degradation in the audio quality and picture quality.

Accordingly, a right of a copyright owner may be significantly infringed when copyrighted creations or productions such as music data and movie data are transmitted over the information communication network without appropriate measures for protecting the copyrights.

Conversely, top priority may be given to the copyright protection by disabling or inhibiting distribution of copyrighted data over the information communication network, which is growing exponentially. However, this causes disadvantages to the copyright owner, who can essentially collect a predetermined copyright royalty for copying of copyrighted data.

Instead of the distribution over the information communication network described above, distribution may be performed via record media storing digital data. In connection with the latter case, music data stored in CDs (Compact Disks) on the market can be freely copied in principle onto magneto-optical disks (e.g., MDs) as long as the copied music is only for personal use. However, a personal user performing digital recording or the like indirectly pays predetermined amounts, included in the prices of the digital recording device itself and of media such as MDs, as guaranty moneys to a copyright owner.

Further, the music data is digital data formed of digital signals, and substantially no deterioration occurs in copied information when music data is copied from a CD to an MD. Therefore, for the copyright protection, such structures are employed that the music information cannot be copied as digital data from the MD to another MD.

In view of the above, the public distribution itself of copyrighted materials such as music data or movie data over the digital information communication network must be inhibited by sufficient measures for the copyright protection, because such distribution itself is restricted by the public transmission right of the copyright holder.

For the above case, it is necessary to inhibit unauthorized further copying of the content data such as music data or image data, which was distributed to and was once received by the public over the information communication network.

Such a data distribution system has been proposed that a distribution server holding the encrypted content data distributes the encrypted content data and the license to memory cards attached to terminal devices such as cellular phones via the terminal devices. In this data distribution system, a public encryption key of the memory card, which has been authenticated by a certification authority, and its certificate are sent to the distribution server when requesting the distribution of encrypted content data. After the distribution server determines the reception of the authenticated certificate, the encrypted content data and a license key for decrypting the encrypted content data are sent to the memory card. When distributing the encrypted content data and the license, the distribution server and the memory card generate a session key, which is different from those generated in other distributions. With the session key thus generated, the public encryption key is encrypted, and the keys are exchanged between the distribution server and the memory card.

Finally, the distribution server sends the license, which is encrypted with the public encryption key peculiar to each memory card and is further encrypted with the session key, as well as the encrypted content data to the memory card. The memory card records the license and the encrypted content data thus received in the memory card.

When the encrypted content data recorded in the memory card is to be reproduced, the memory card is attached to the cellular phone. In addition to an ordinary function of the telephone, the cellular phone has a dedicated circuit for reading the encrypted content data and the license key from the memory card, decrypting the encrypted content data thus read with the read license key, and reproducing it for external output.

As described above, the user of the cellular phone can receive the encrypted content data from the distribution server via the cellular phone, and can reproduce the encrypted content data.

Such a content distribution service is now performed that content data is distributed over the Internet to personal computers. In this content distribution service using the Internet, it is possible to distribute the encrypted content data and the license in a manner similar to the foregoing distribution manner. For distributing the encrypted content data to the personal computers, software installed in the personal computer is used for distributing the encrypted content data and the license, and the security of the encrypted content data is lower than that in the case where the encrypted content data is written into the memory card. By attaching the above memory card, or a device having a license administration structure similar to that of the memory card, to a personal computer, it is possible to provide a security level similar to that achieved by directly writing the license into the memory card attached to the cellular phone.

However, if the distribution service is constructed based on the assumption that the memory card or the above device is attached to the personal computer, this reduces opportunities of distribution. Accordingly, the content distribution service can be practical if the distribution is performed depending on the security level desired by the content data supplier only when the personal computer at the destination has the capability for it. Thereby, the personal computer having the capabilities for both the security levels receives the licenses by the installed software and the above device. Thus, the personal computer receives and administers the licenses having different security levels, respectively.

In still another manner of obtaining the encrypted content data and the license, music data can be obtained by ripping from music CDs. The ripping produces encrypted music data (encrypted content data) from music data as well as a license for decrypting and reproducing the encrypted music data. According to this ripping, a watermark defining rules of use of the content data is detected from the content data, and the encrypted content data and the license are produced in accordance with contents of the detected watermark. Because of its characteristics, the license thus produced is administered at a lower security level administered by software.

When the encrypted content data and the license keys are received at different security levels, the license key received at a high security level cannot be handled at a low security level. Conversely, the license key received at a low security level can be handled at a high security level without a problem when viewed from a concept of security. However, various restrictions are imposed on such handling due to the high security level, and thus impair conveniences. Further, even if both the security levels can be handled, functions for different security levels may operate independently of each other. This likewise impairs the conveniences of users. Accordingly, it is necessary to provide an operating or handling environment for administering both the security levels in a unified manner.

According to the content data distribution over the Internet in recent years, the content data is administered by software. In this case, the data itself recorded in an auxiliary recording device of the personal computer can be freely duplicated, and therefore the use of the duplicated data is restricted in such a manner that the data is recorded in an encrypted form linked with information such as a version of BIOS or an ID number of a CPU, which can be obtained from the personal computer and is peculiar to the personal computer, for allowing use of the duplicated content data by another personal computer.

This administration method can be utilized for distribution of the encrypted content data and the license, and the security can be ensured by recording the information in an encrypted form uniquely linked with the personal computer. In this case, however, it is completely impossible to cut out the distributed license from the personal computer.

In the above case where the license received by the personal computer cannot be taken out from the personal computer at all, the encrypted content data and the license, which are already received, can no longer be utilized when the personal computer is damaged, the BIOS is updated or the CPU is changed.

DISCLOSURE OF THE INVENTION

Accordingly, an object of the invention is to provide a data terminal device, which can shift encrypted content data and a license distributed by software to another data terminal device.

Another object of the invention is to provide a data terminal device, which can administer received license keys distributed at different security levels in accordance with the corresponding security levels, respectively.

According to the invention, a data terminal device obtaining encrypted content data prepared by encrypting content data and a license for decrypting the encrypted content data to obtain original plaintext, and providing the encrypted content data and the license to another data terminal device, includes a module unit obtaining the encrypted content data and the license by software, and administering the license; a device unit storing, in a dedicated region, a binding license including a binding key for decrypting the encrypted private file and encrypting the decrypted private file; a storing unit storing data; and a control unit. The storing unit stores a plurality of encrypted content data, and an encrypted private file including the plurality of licenses and encrypted with the binding key. In providing the license, the control unit reads the encrypted private file from the storing unit, and provides the encrypted private file to the module unit. The module unit obtains the binding license from the device unit, extracts the binding key from the obtained binding license, and provides the license obtained by decrypting the encrypted private file with the extracted binding key.

Preferably, in initializing the encrypted private file, the module unit produces the binding license including the binding key, produces a private file not including the license, encrypts the produced private file with the produced binding key to produce the encrypted private file, and provides the produced binding license to the device unit. The control unit stores the encrypted private file produced by the module unit in the storing unit.

Further preferably, in obtaining the license, the control unit provides the obtained license to the module unit, reads the encrypted private file stored in the storing unit, and provides the read encrypted private file to the module unit. The module unit obtains the binding license from the device unit, decrypts the provided and encrypted private file with the binding key included in the binding license obtained from the device unit, adds the provided license to the decrypted private file to update the private file, and encrypts the updated private file with the binding key to produce the updated and encrypted private file. The control unit overwrites the encrypted private file stored in the storing unit with the encrypted private file produced and updated by the module unit.

Preferably, in providing the license, the control unit sends the encrypted content data corresponding to the license and stored in the storing unit to a destination of the license.

Preferably, after sending the license, the module unit produces one new binding key, produces one new binding license including the produced one new binding key, produces one new encrypted private file by encrypting the private file with the one new binding key, and provides the produced one new binding license to the device unit. The device unit stores the received one new binding license in the dedicated region by overwriting. The control unit overwrites the encrypted private file stored in the storing unit with the one new encrypted private file produced by the module unit.

Preferably, in sending the license to the different data terminal device, the control unit receives authentication data from the different data terminal device, provides the authentication data to the module unit, reads the encrypted private file from the storing unit, and provides the encrypted private file to the module unit. When the module unit authenticates the authentication data received from the different data terminal device, the module unit constructs an encryption path to the different data terminal device via the control unit, obtains the binding license from the device unit, decrypts the received and encrypted private file with the binding key included in the binding license obtained from the device unit, extracts the license to be sent from the decrypted private file, and sends the extracted license to the different data terminal device via the encryption path. After sending the license, the module unit produces one new binding key, produces one new binding license including the produced one new binding key, deletes the sent license from the private file, encrypts the private file previously including the sent and deleted license with the one new binding key to produce one new encrypted private file, and provides the produced one new binding license to the device unit. The device unit stores the received one new binding license in the dedicated region by overwriting. The control unit overwrites the encrypted private file stored in the storing unit with the one new encrypted private file produced by the module unit.
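The initialization of the encrypted private file, the addition of an obtained license, and the shift of a license to another terminal followed by the binding-key renewal, as described in the preceding paragraphs, modelled as an added example. This is not the patent's own code: `DeviceUnit`, `DataTerminal`, `seal`/`open_sealed` and the stand-in cipher are assumptions, and the authenticated encryption paths between the units are elided as direct calls.

```python
import hashlib
import hmac
import json
import os

# Constructed stand-in cipher: the page names no algorithm, so encryption of the
# private file is modelled as a SHA-256 keystream XOR plus an HMAC-SHA256 tag
# (encrypt-then-MAC). A wrong binding key fails the tag check instead of
# yielding garbage, which is what lets the terminal detect a stale file copy.
NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    for counter in range((length + 31) // 32):
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, blob: bytes) -> bytes:
    """Verify the tag under `key`, then decrypt; raises ValueError on mismatch."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("private file was not sealed with this binding key")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class DeviceUnit:
    """License administration device: keeps the binding license in its dedicated
    region. Only the module unit talks to it (the authenticated path is elided)."""

    def __init__(self) -> None:
        self.binding_license = None

    def store_binding_license(self, binding_license: dict) -> None:
        self.binding_license = binding_license  # stored by overwriting

    def get_binding_license(self) -> dict:
        return self.binding_license


class DataTerminal:
    """One data terminal: control unit, storing unit (hard disk) and module unit."""

    def __init__(self) -> None:
        self.device = DeviceUnit()
        self.disk = {"encrypted_private_file": b"", "content": {}}
        self._rekey({})  # initialization: private file that includes no license

    def _rekey(self, private_file: dict) -> None:
        """Module unit: new Kb, new binding license to the device, re-encrypted file."""
        kb = os.urandom(32)
        self.device.store_binding_license({"Kb": kb.hex()})
        self.disk["encrypted_private_file"] = seal(kb, json.dumps(private_file).encode())

    def _binding_key(self) -> bytes:
        return bytes.fromhex(self.device.get_binding_license()["Kb"])

    def _read_private_file(self) -> dict:
        return json.loads(open_sealed(self._binding_key(), self.disk["encrypted_private_file"]))

    def _write_private_file(self, private_file: dict) -> None:
        blob = seal(self._binding_key(), json.dumps(private_file).encode())
        self.disk["encrypted_private_file"] = blob  # control unit overwrites the file

    def obtain(self, content_id: str, encrypted_content: str, license_key: str) -> None:
        """Obtaining: store the encrypted content and add its license to the private file."""
        self.disk["content"][content_id] = encrypted_content
        private_file = self._read_private_file()
        private_file[content_id] = license_key
        self._write_private_file(private_file)

    def license_ids(self) -> list:
        return sorted(self._read_private_file())

    def private_file_is_current(self) -> bool:
        """True if the file on disk opens with the binding key the device holds now."""
        try:
            self._read_private_file()
            return True
        except ValueError:
            return False

    def shift_to(self, other: "DataTerminal", content_id: str) -> None:
        """Shift one license (with its content) to another terminal, then rekey so
        that any earlier copy of the encrypted private file no longer opens."""
        private_file = self._read_private_file()
        license_key = private_file.pop(content_id)  # delete the sent license
        other.obtain(content_id, self.disk["content"].pop(content_id), license_key)
        self._rekey(private_file)  # one new binding key after sending
```

The point the rekey step makes is that a copy of the encrypted private file taken before the shift is useless afterwards, so the moved license cannot be restored from a backup of the hard disk.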

Preferably, in obtaining the binding license from the device unit, the module unit provides authentication data peculiar to the module unit itself to the device unit, constructs an encryption communication path to the device unit in response to authentication of the authentication data by the device unit, and obtains the binding license from the device unit via the constructed encryption communication path.

Preferably, in providing the binding license to the device unit, the module unit receives the authentication data from the device unit, constructs an encryption communication path to the device unit in response to authentication of the received authentication data, and provides the binding license to the device unit via the constructed encryption communication path.

More preferably, in obtaining the encrypted content data and the license from the distribution server connected over a data communication network, the control unit obtains the encrypted content data from the distribution server over the data communication network, and the module unit provides the authentication data peculiar to the module unit itself via the control unit and over the data communication network, constructs an encryption communication path with respect to the distribution server, and obtains the license from the distribution server via the constructed encryption communication path.

Preferably, when the content data is obtained, the control unit provides the obtained content data to the module unit, reads the encrypted private file stored in the storing unit, and provides the read encrypted private file to the module unit. The module unit produces a license for the provided content data, produces encrypted content data by encrypting the provided content data with the produced license in a reproducible manner, obtains the binding license from the device unit, decrypts the provided and encrypted private file with the binding key included in the obtained binding license, updates the private file by newly adding the produced license to the decrypted private file, and produces the updated and encrypted private file by encrypting the updated private file with the binding key. The control unit overwrites the encrypted private file stored in the storing unit with the updated and encrypted private file produced by the module unit, and stores the encrypted content data produced by the module unit in the storing unit.

Preferably, the encrypted private file includes, for each license, check-out information for checking out the license to a data recording device. In sending the license to the data recording device, the control unit receives authentication data from the data recording device, provides the received authentication data to the module unit, reads the encrypted private file from the storing unit, and provides the encrypted private file to the module unit. When the module unit authenticates the authentication data received from the data recording device, the module unit constructs an encryption path to the data recording device via the control unit, obtains the binding license from the device unit, decrypts the provided and encrypted private file with a binding key included in the obtained binding license, extracts the license to be sent and the check-out information from the decrypted private file, produces a check-out license to be checked out to the data recording device based on the license to be sent when it is determined from the extracted check-out information that check-out of the license is allowed, constructs an encryption path to the data recording device via the control unit, sends the check-out license to the data recording device via the encryption path, obtains specifying information for specifying the data recording device via the encryption path, produces new check-out information by adding the obtained specifying information to the check-out information, produces one new private file by overwriting the check-out information of the private file with the new check-out information, and produces one new encrypted private file by encryption with the binding key. The control unit overwrites the encrypted private file stored in the storing unit with the one new encrypted private file produced by the module unit.

Preferably, the encrypted private file includes, for each license, check-out information for checking out the license to a data recording device. In sending the license to the data recording device, the control unit receives authentication data from the data recording device, provides the received authentication data to the module unit, reads the encrypted private file from the storing unit, and provides the encrypted private file to the module unit. When the module unit authenticates the authentication data received from the data recording device, the module unit constructs an encryption path to the data recording device via the control unit, obtains the binding license from the device unit, decrypts the provided and encrypted private file with a binding key included in the obtained binding license, extracts the license to be sent and the check-out information from the decrypted private file, produces a check-out license to be checked out to the data recording device based on the license to be sent when it is determined from the extracted check-out information that check-out of the license is allowed, constructs an encryption path to the data recording device via the control unit, sends the check-out license to the data recording device via the encryption path, and obtains specifying information for specifying the data recording device via the encryption path. After sending the license, the module unit produces one new binding key, produces one new binding license including the produced new binding key, produces new check-out information by adding the obtained specifying information to the check-out information, produces one new private file by overwriting the check-out information of the private file with the new check-out information, produces one new encrypted private file by encrypting the produced one new private file with the one new binding key, and provides the produced one new binding license to the device unit. The device unit stores the received one new binding license in the dedicated region by overwriting. The control unit overwrites the encrypted private file stored in the storing unit with the one new encrypted private file produced by the module unit.

According to the invention, a data terminal device obtaining encrypted content data prepared by encrypting content data and a license for decrypting the encrypted content data to obtain original plaintext, and providing the encrypted content data and the license to another data terminal device, includes a module unit obtaining the encrypted content data and the license by software, producing a dedicated license by effecting encryption suitable to administration on the license, and administering the license; a device unit storing a binding license including a binding key in a dedicated region; a storing unit storing data; and a control unit. The storing unit stores a plurality of encrypted content data, a plurality of administration files including the dedicated license, and an encrypted private file encrypted uniquely and including the binding license as a component. In providing the license, the control unit reads the encrypted private file and the administration files from the storing unit, and provides the encrypted private file and the administration files to the module unit. The module unit extracts the binding license by decrypting the encrypted private file, obtains the binding license from the device unit, and provides the license obtained by decrypting the dedicated license included in the administration files when the binding license obtained from the device unit matches with the binding license extracted from the encrypted private file.

Preferably, in initializing the encrypted private file, the module unit produces the binding license including the binding key, produces a private file storing the produced binding license, uniquely encrypts the produced private file to produce the encrypted private file, and provides the produced binding license to the device unit. The control unit stores the encrypted private file produced by the module unit in the storing unit.

More preferably, in obtaining the license, the control unit provides the obtained license to the module unit, produces the dedicated file including the dedicated license produced by the module unit, and stores the dedicated file in the storing unit. The module unit uniquely encrypts the provided license to produce the dedicated license.

More preferably, in providing the license, the control unit sends the encrypted content data corresponding to the license and stored in the storing unit to a destination of the license.

More preferably, after providing the license, the module unit produces one new binding key, produces one new binding license including the produced one new binding key, produces one new private file including the one new binding license, produces one new encrypted private file by uniquely encrypting the produced one new private file, and provides the produced one new binding license to the device unit. The device unit stores the received one new binding license in the dedicated region by overwriting. The control unit overwrites the encrypted private file stored in the storing unit with the one new encrypted private file produced by the module unit, and deletes the administration file including the license.

More preferably, in sending the license to the different data terminal device, the control unit receives authentication data from the different data terminal device, provides the authentication data to the module unit, reads the encrypted private file and the administration file from the storing unit, and provides the encrypted private file and the administration file to the module unit. The module unit extracts the binding license by decrypting the encrypted private file, obtains the binding license from the device unit, constructs an encryption path to the different data terminal device via the control unit when the obtained binding license matches with the binding license extracted from the encrypted private file and the authentication data received from the different data terminal device is authenticated, and sends the license obtainable by decrypting the provided dedicated license to the different data terminal device via the encryption path. After sending the license, the module unit produces one new binding key, produces one new binding license including the produced one new binding key, produces one new private file including the produced one new binding license, produces one new encrypted private file by uniquely encrypting the produced one new private file, and provides the produced one new binding license to the device unit. The device unit stores the received one new binding license in the dedicated region by overwriting. The control unit overwrites the encrypted private file stored in the storing unit with the one new encrypted private file produced by the module unit, and deletes the administration file including the license.

Preferably, the manner of uniquely encrypting the file is linked with information peculiar to the data terminal device and obtainable from the data terminal device.

More preferably, in providing the binding license to the device unit, the module unit receives authentication data from the device unit, constructs an encryption communication path to the device unit in response to authentication of the received authentication data, and provides the binding license to the device unit via the constructed encryption communication path.

More preferably, in obtaining the binding license from the device unit, the module unit provides authentication data peculiar to the module unit itself to the device unit, constructs an encryption communication path to the device unit in response to authentication of the authentication data by the device unit, and obtains the binding license from the device unit via the constructed encryption communication path.

More preferably, in obtaining the encrypted content data and the license from the distribution server connected over a data communication network, the control unit obtains the encrypted content data from the distribution server over the data communication network. The module unit provides the authentication data peculiar to the module unit itself via the control unit and over the data communication network, constructs an encryption communication path to the distribution server, and obtains the license from the distribution server via the constructed encryption communication path.

More preferably, when the content data is obtained, the control unit provides the obtained content data to the module unit, produces the administration file including the dedicated license produced by the module unit, and writes the produced administration file and the encrypted content data produced by the module unit in the storing unit. The module unit produces a license for the obtained content data, produces encrypted content data by encrypting the obtained content data with the produced license in a reproducible manner, and produces the dedicated license including the produced license.

More preferably, the dedicated license includes check-out information for checking out the license to a data recording device. In sending the license to the data recording device, the control unit receives authentication data from the data recording device, provides the received authentication data to the module unit, reads the encrypted private file and the administration file from the storing unit, and provides the encrypted private file and the administration file to the module unit. The module unit extracts the binding license by decrypting the encrypted private file; obtains the binding license from the device unit; produces a check-out license to be checked out to the data recording device based on the license obtained by decrypting the provided dedicated license when the obtained binding license matches with the binding license extracted from the encrypted private file, the authentication data received from the data recording device is authenticated, and it is determined according to the check-out information obtainable by decrypting the provided dedicated license that the check-out of the license is allowed; constructs an encryption path to the data recording device via the control unit; sends the check-out license to the data recording device via the encryption path; obtains specifying information specifying the data recording device via the encryption path from the data recording device; produces new check-out information by adding the obtained specifying information to the check-out information; and produces one new dedicated license including the license included in the provided dedicated license and the new check-out information. The control unit overwrites the dedicated license in the administration file stored in the storing unit with the one new dedicated license produced by the module unit.

More preferably, after sending the check-out license, the module unit produces one new binding key, produces one new binding license including the produced new binding key, produces one new private file including the produced one new binding license, produces one new encrypted private file by uniquely encrypting the produced one new private file, and provides the produced one new binding license to the device unit. The device unit stores the received one new binding license in the dedicated region by overwriting. The control unit overwrites the encrypted private file stored in the storing unit with the one new encrypted private file produced by the module unit.

According to the invention, a data terminal device obtaining encrypted content data prepared by encrypting content data and a license for decrypting the encrypted content data to obtain original plaintext, and administering the encrypted content data and the license, includes a device unit obtaining the license at a first security level, and administering the license at the first security level; a module unit obtaining the license at a second security level lower than the first security level, producing a dedicated license by effecting encryption suitable to administration at the second security level on the license, and administering the license; a storing unit storing data; and a control unit. The device unit includes a recording unit for recording the license while keeping a correspondence to an administration number. The storing unit stores a plurality of first administration files including a plurality of encrypted content data and the administration numbers corresponding to the licenses administered by the device unit, a plurality of second administration files including the dedicated license, and a plurality of encrypted content data corresponding to the first administration file or the second administration file. When the control unit obtains the license at the first security level, the control unit provides the license obtained at the first security level to the device unit, produces the first administration file, and writes the produced first administration file and the encrypted content data obtained corresponding to the license obtained at the first security level in the storing unit. When the control unit obtains the license at the second security level, the control unit provides the license obtained at the second security level to the module unit, obtains the dedicated license including the license obtained at the second security level from the module unit, produces the second administration file, and writes the produced second administration file and the encrypted content data obtained corresponding to the license obtained at the second security level in the storing unit.

More preferably, when the control unit obtains the license at the first security level, the control unit provides the administration number to the device unit, and produces the first administration file including the same administration number as the provided administration number. The device unit holds the license based on the administration number received from the control unit.

Preferably, the module unit produces the dedicated license in an encryption manner determined based on information peculiar to the control unit.

Preferably, the dedicated license included in the second administration file includes check-out information for checking out the encrypted content data obtained at the second security level to another device.

More preferably, the control unit obtains the encrypted content data and the license by receiving the encrypted content data and/or the license from a content supply device.

Further preferably, the device unit further includes an authentication data holding unit for holding the authentication data for the content supply device. The control unit sends the authentication data read from the device unit to the content supply device, and receives at least the license based on the authentication of the authentication data by the content supply device.

Further preferably, the module unit executes reception of the encrypted content data and the license at the second security level by a program.

Further preferably, when the content data is obtained, the control unit provides the obtained content data to the module unit. The module unit produces the license, produces the encrypted content data by encrypting the obtained content data with the produced license in a reproducible manner, and produces the dedicated license including the produced license. The control unit obtains the dedicated license including the license produced by the module unit and the produced and encrypted content data from the module unit, produces the second administration file, and writes the produced second administration file and the produced and encrypted content data in the storing unit.

Further preferably, the module unit obtains rules of use assigned to the content data, and produces the license in accordance with the obtained rules of use.

Further preferably, the module unit produces the dedicated license including check-out information for checking out the encrypted content data obtained at the second security level to another device.

Preferably, the data terminal device further includes an interface unit for transmission to and from a data recording device; and a key operating unit for entering an instruction. The control unit specifies the first administration file stored in the storing unit and the encrypted content data in accordance with a shift instruction applied via the key operating unit, reads the administration number from the specified first administration file, provides the read administration number to the device unit, obtains the specified and encrypted content data from the storing unit, and sends the obtained and encrypted content data to the data recording device via the interface unit. The device unit constructs an encryption path to the data recording device via the control unit and the interface unit, and provides the license corresponding to the applied administration number to the data recording device via the encryption path.

Further preferably, the device unit erases the license when the device unit provides the license to the data recording device via the encryption path.

Preferably, the data terminal device further includes an interface unit for transmission to and from a data recording device; and a key operating unit for entering an instruction. The control unit specifies the second administration file stored in the storing unit and the encrypted content data in accordance with a shift instruction applied via the key operating unit, reads the dedicated license from the specified second administration file, provides the read dedicated license to the module unit, obtains the specified and encrypted content data from the storing unit, and sends the obtained and encrypted content data to the data recording device via the interface unit. The module unit decrypts the applied dedicated license, constructs an encryption path to the data recording device via the control unit and the interface unit based on the check-out information included in the dedicated license, produces the check-out license based on the license included in the provided dedicated license, provides the produced check-out license to the data recording device via the encryption path, obtains specifying information specifying the data recording device via the encryption path from the data recording device, produces new check-out information by adding the obtained specifying information to the check-out information, and produces one new dedicated license including the license included in the provided dedicated license and the new check-out information. The control unit overwrites the dedicated license in the second administration file stored in the storing unit with the one new dedicated license produced by the module unit.

More preferably, the control unit sends encrypted content data and thelicense to the data recording device based on the authentication of theauthentication data obtained from the data recording device via theinterface unit.
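The check-out sequence described above (the module unit opens the private file with the binding key held by the device unit, records the specifying information of the data recording device in the check-out information, and then, as in the "after sending the check-out license" refinement, produces a new binding key, re-encrypts the private file and has the device unit overwrite its dedicated region) can be modelled in a few dozen lines. The following is an added example written for this page, not code from the patent or its applicant. The file layout, the per-license check-out record with an assumed allowed count, and the class names are assumptions of the example; the cipher is a hash-based stand-in (keystream from SHA-256, encrypt-then-MAC with HMAC) used only so the example runs with the Python standard library, and a product would use a vetted AEAD in its place. The re-keying has a consequence the example also checks: a copy of the encrypted private file taken before the check-out no longer opens with the Kb the device unit now holds.

```python
"""Check-out with binding-key renewal (added example, not the patent's code).
The stand-in cipher below is an assumption made so the example runs offline."""
import hashlib
import hmac
import json
import os
from typing import Dict, List


def _keystream(kb: bytes, nonce: bytes, n: int) -> bytes:
    # Counter-mode keystream from a hash; stand-in for the page's unspecified cipher.
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(kb + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(out[:n])


def encrypt_private_file(kb: bytes, private_file: dict) -> bytes:
    """{private file}Kb laid out as nonce || ciphertext || HMAC tag."""
    plain = json.dumps(private_file, sort_keys=True).encode()
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plain, _keystream(kb, nonce, len(plain))))
    tag = hmac.new(kb, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def decrypt_private_file(kb: bytes, blob: bytes) -> dict:
    """Verify the tag under Kb before decrypting; a stale or foreign file fails here."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(kb, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("encrypted private file does not match binding key Kb")
    plain = bytes(a ^ b for a, b in zip(body, _keystream(kb, nonce, len(body))))
    return json.loads(plain)


class DeviceUnit:
    """Hardware side: the dedicated region holds only the current binding key."""

    def __init__(self):
        self.binding_key = os.urandom(16)


class ModuleUnit:
    """Software side: can open the private file only with Kb from the device unit."""

    def __init__(self, device: DeviceUnit):
        self.device = device

    def initialize(self, licenses: Dict[str, dict]) -> bytes:
        # Each license record carries its check-out information (assumed layout:
        # an allowed count and the specifying information of recorders so far).
        return encrypt_private_file(self.device.binding_key, {"licenses": licenses})

    def check_out(self, blob: bytes, license_id: str, recorder_id: str) -> bytes:
        """Check license `license_id` out to recorder `recorder_id`; return the new file."""
        pf = decrypt_private_file(self.device.binding_key, blob)
        lic = pf["licenses"][license_id]
        recorders: List[str] = lic["check_out"]["recorders"]
        if len(recorders) >= lic["check_out"]["allowed"]:
            raise PermissionError("no check-out left for %s" % license_id)
        recorders.append(recorder_id)  # new check-out information
        # Fresh Kb: the device unit overwrites its dedicated region and the
        # control unit overwrites the encrypted private file on the hard disk.
        self.device.binding_key = os.urandom(16)
        return encrypt_private_file(self.device.binding_key, pf)


def checked_out_to(device: DeviceUnit, blob: bytes, license_id: str) -> List[str]:
    """Recorders a license is currently checked out to, read with the current Kb."""
    pf = decrypt_private_file(device.binding_key, blob)
    return list(pf["licenses"][license_id]["check_out"]["recorders"])
```

Because the device unit keeps only the newest Kb, there is exactly one encrypted private file that it can open at any time; whatever is written back after a check-out is the only copy that counts.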

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic diagram showing a concept of a data distribution system according to the invention.

FIG. 2 is a schematic view showing another concept of the data distribution system according to the invention.

FIG. 3 illustrates characteristics of data, information and others for communication in the data distribution systems shown in FIGS. 1 and 2.

FIG. 4 illustrates characteristics of keys and others for encryption in the data distribution systems shown in FIGS. 1 and 2.

FIG. 5 is a schematic block diagram showing a structure of a distribution server in the data distribution systems shown in FIGS. 1 and 2.

FIG. 6 is a schematic block diagram showing a structure of a personal computer in the data distribution systems shown in FIGS. 1 and 2.

FIG. 7 is a schematic block diagram showing a structure of a terminal in the data distribution system shown in FIG. 2.

FIG. 8 is a schematic block diagram showing a structure of a memory card in the data distribution systems shown in FIGS. 1 and 2.

FIG. 9 is a schematic block diagram showing a structure of a license administration device included in the personal computer shown in FIG. 6.

FIGS. 10-13 are first to fourth flow charts illustrating a distribution operation at a high security level in the data distribution systems shown in FIGS. 1 and 2, respectively.

FIGS. 14-17 are first to fourth flow charts illustrating a distribution operation at a low security level in the data distribution systems shown in FIGS. 1 and 2, respectively.

FIG. 18 illustrates a function model of CD ripping.

FIG. 19 is a flowchart illustrating an operation of ripping in the data distribution systems shown in FIGS. 1 and 2.

FIGS. 20-23 are first to fourth flow charts illustrating a shift/duplicate operation of encrypted content data and a license in the data distribution systems shown in FIGS. 1 and 2, respectively.

FIGS. 24-27 are first to fourth flow charts illustrating a check-out operation in the data distribution systems shown in FIGS. 1 and 2, respectively.

FIGS. 28-30 are first to third flow charts illustrating a check-in operation in the data distribution systems shown in FIGS. 1 and 2, respectively.

FIGS. 31 and 32 are first and second flow charts illustrating a reproduction operation of a cellular phone and a reproduction terminal, respectively.

FIG. 33 illustrates recording forms of data in a hard disk and a license administration device of a personal computer.

FIG. 34 illustrates a recording form of data in a memory card.

FIG. 35 illustrates characteristics of data, information and others used for administering a license supplied by distribution at a low security level in the personal computer shown in FIGS. 1 and 2.

FIGS. 36-38 are first to third flow charts illustrating initialization of a private file performed according to a second embodiment by the personal computer shown in FIGS. 1 and 2, respectively.

FIGS. 39-43 are first to fifth flow charts illustrating a distribution operation performed according to the second embodiment at a low security level in the data distribution systems shown in FIGS. 1 and 2, respectively.

FIGS. 44-46 are first to third flow charts illustrating a ripping operation performed according to the second embodiment in the data distribution systems shown in FIGS. 1 and 2, respectively.

FIGS. 47-51 are first to fifth flow charts illustrating a check-out operation performed according to the second embodiment in the data distribution systems shown in FIGS. 1 and 2, respectively.

FIGS. 52-55 are first to fourth flow charts illustrating a check-in operation performed according to the second embodiment in the data distribution systems shown in FIGS. 1 and 2, respectively.

FIG. 56 illustrates a structure of a content list file on a hard disk of a personal computer.

FIGS. 57-64 are first to eighth flow charts illustrating shift of encrypted content data and a license to and from the personal computer in the data distribution system shown in FIG. 2, respectively.

FIG. 65 illustrates recording forms of data in a hard disk and a license administration device of a personal computer according to the second embodiment.

FIGS. 66-68 are first to third flow charts illustrating another operation of initializing a private file performed according to a third embodiment by the personal computer shown in FIGS. 1 and 2, respectively.

FIGS. 69-72 are first to fourth flow charts illustrating a distribution operation performed according to the third embodiment at a low security level in the data distribution systems shown in FIGS. 1 and 2, respectively.

FIGS. 73 and 74 are first and second flow charts illustrating a ripping operation performed according to the third embodiment in the data distribution systems shown in FIGS. 1 and 2, respectively.

FIGS. 75-79 are first to fifth flow charts illustrating a check-out operation performed according to the third embodiment in the data distribution systems shown in FIGS. 1 and 2, respectively.

FIGS. 80-83 are first to fourth flow charts illustrating a check-in operation performed according to the third embodiment in the data distribution systems shown in FIGS. 1 and 2, respectively.

FIGS. 84-90 are first to seventh flow charts illustrating an operation performed according to the third embodiment for shifting or duplicating encrypted content data and a license to a personal computer in the data distribution systems shown in FIGS. 1 and 2, respectively.

BEST MODE FOR CARRYING OUT THE INVENTION

Embodiments of the invention will now be described with reference to thedrawings. The same or similar parts or portions bear the same referencenumbers in the figures, and description thereof will not be repeated.

FIG. 1 is a schematic diagram showing a concept of a whole structure ofa data distribution system, from which encrypted content data isobtained by a data terminal device (personal computer) according to theinvention.

Description will now be given by way of example on a structure of a datadistribution system, which distributes digital music data to a memorycard 110 attached to a cellular phone 100 of each user via a cellularphone network, and also distributes digital music data to personalcomputer 50 on the Internet. However, as will become apparent from thefollowing description, the present invention is not limited to such acase. The present invention is applicable to the distribution of othercopyrighted materials, i.e., content data such as image data, movie dataand others.

Referring to FIG. 1, a distribution carrier 20 relays a distributionrequest, which is sent from a user over a cellular phone network, to adistribution server 10. Distribution server 10, which administers thecopyrighted music data, determines whether memory card 110 on cellularphone 100 of the user requesting the data distribution has proper orregular authentication data or not, and thus whether memory card 110 isa regular memory card or not. If regular, the music data, which will bereferred to also as “content data” hereinafter, will be distributed tothe memory card by distribution carrier 20, i.e., the cellular phonecompany after being encrypted in a predetermined encryption manner. Forthis distribution, distribution carrier 20 is supplied from distributionserver 10 with the encrypted content data and a license, which isinformation required for reproducing the encrypted content data andincludes a license key for decrypting the encrypted content data.

Distribution carrier 20 sends the encrypted content data and the licensevia the cellular phone network and cellular phone 100 to memory card 110attached to cellular phone 100, which sent the distribution request overits own cellular phone network.

In FIG. 1, memory card 110 is releasably attached to cellular phone 100of the user. Memory card 110 receives the encrypted content datareceived by cellular phone 100, decrypts the content data encrypted forthe distribution, and then provides the decrypted data to a musicreproduction unit (not shown) in cellular phone 100.

The cellular phone user, for example, can reproduce the content data tolisten to the music via headphones 130 or the like connected to cellularphone 100.

According to the above structure, the user cannot reproduce the musicfrom the data distributed from distribution server 10 without utilizingmemory card 110.

Further, distribution server 10 may be configured such that everydistribution of content data, e.g., for one song is counted, anddistribution carrier 20 will collect the royalty, which is charged everytime the user receives (downloads) the distributed content data,together with charges for telephone calls. Thereby, the copyright ownercan easily ensure the royalty.

In FIG. 1, distribution server 10 is provided with a licenseadministration module (software), which is a program module having thesame license administering function as memory card 110, or a licenseadministration device (hardware) having the same license administrationfunction as memory card 110, and distributes a license and encryptedcontent data to a personal computer 50 in a manner similar to that forcellular phone 100 in response to an access performed by personalcomputer 50 via a modem 40 and over Internet network 30 for requestingthe distribution.

In FIG. 1, it is assumed that personal computer 50 is provided with alicense administration module and a license administration device.Thereby, distribution server 10 performs authentication processing todetermine whether personal computer 50 accessing thereto for datadistribution uses software provided with the license administrationmodule having valid or regular authentication data or not, and thuswhether the regular license administration module is used or not. If theproper license administration module is used, personal computer 50constructs an encryption communication path to the regular licenseadministration module on the communication path formed of Internetnetwork 30 and modem 40 in accordance with predetermined procedures, andsends the license through the encryption communication path. The licenseadministration module of personal computer 50 uniquely encrypts thereceived license for protection, and records it on a hard disk (HDD) oranother auxiliary recording device connected to personal computer 50.Personal computer 50 also receives from distribution server 10 theencrypted content data, which is prepared by encrypting the music datain a predetermined encrypting manner allowing decryption with thelicense key included in the license, and records it on the hard disk asit is.

Personal computer 50 also includes the license administration device. Provision of the license administration device allows reception of the distributed data at a higher security level than the security level of recording on the hard disk by the license administration module, i.e., at the same security level as that of the reception by cellular phone 100 and memory card 110. Personal computer 50 receives the encrypted content data and the license from distribution server 10 via modem 40 and Internet network 30. For this reception, the license administration device directly receives and records the license via an encryption communication path, which is constructed between distribution server 10 and the license administration device in accordance with the same procedures as those for constructing the path between distribution server 10 and the license administration module as already described. The encrypted content data is recorded on the hard disk as it is. This license administration device holds the security in the send/receive and administration of the license by hardware similarly to memory card 110, and can achieve a higher security level than the license administration module, which holds the security by software. For discrimination of the security levels and the licenses, the security level ensured by hardware such as memory card 110 or the license administration device will be referred to as "level 2", and a license which requires security at level 2 for distribution is referred to as a "level-2 license", hereinafter. Likewise, the security level ensured by software such as the license administration module will be referred to as "level 1", and a license which requires security at level 1 for distribution is referred to as a "level-1 license", hereinafter. The license administration device and the license administration module will be described later in greater detail.

In the case of distribution to personal computer 50 over Internetnetwork 30, distribution server 10 may likewise be configured such thatevery distribution of content data, e.g., for one song is counted, anddistribution carrier 20 will collect the royalty, which is charged everytime the user receives (downloads) the distributed content data,together with charges for telephone calls. Thereby, the copyright ownercan easily ensure the royalty.

In FIG. 1, personal computer 50 uses the license administration moduleto produce the encrypted content data, which is restricted to local use,from the music data obtained from a music CD (Compact Disk) 60 storingthe music data as well as the license for reproducing the encryptedcontent data. This processing is referred to as “ripping”, andcorresponds to an operation of obtaining the encrypted content data andthe license from music CD 60. Since the security level of the licensefor local use by the ripping is not high under any circumstances due tothe properties of ripping, such license is handled as the level-1license regardless of the manner of ripping. The ripping will bedescribed later in greater detail.

Further, personal computer 50 is coupled to cellular phone 100 via a USB (Universal Serial Bus) cable 70, and can transmit the encrypted content data and the license to and from memory card 110 on cellular phone 100. However, the data and license are handled in a manner depending on the security level of the license, as will be described later in greater detail.

In FIG. 1, personal computer 50 may be provided with a function of usingthe license administration module and reproducing the encrypted contentdata only if the encrypted content data has the level-1 license directlyadministered by the license administration module. The reproduction ofthe encrypted content data having the level-2 license is allowed if thepersonal computer includes a content reproducing circuit having thesecurity ensured by the hardware. For the sake of simplicity,reproduction by the personal computer is not described in detail.

According to the data distribution system shown in FIG. 1, personalcomputer 50 receives the encrypted content data and the license fromdistribution server 10 via modem 40 and Internet network 30, and alsoobtains the encrypted content data and the license from music CD 60.Memory card 110 attached to cellular phone 100 receives the encryptedcontent data and the license from distribution server 10 over thecellular phone network, and also receives the encrypted content data andthe license, which are obtained from distribution server 10 or music CD60 by personal computer 50. The user of cellular phone 100 can obtainthe encrypted content data and the license from music CD 60 byinterposing personal computer 50 therebetween.

Memory card 110 attached to cellular phone 100 can save the encryptedcontent data and the license, which are received from distributionserver 10 over the cellular phone network, in personal computer 50.

FIG. 2 shows a data distribution system using a reproduction terminal102, which does not have a function of receiving the encrypted contentdata and the license from distribution server 10 over the cellular phonenetwork. In the data distribution system shown in FIG. 2, memory card110 attached to reproduction terminal 102 receives the encrypted contentdata and the license, which are obtained from distribution server 10 ormusic CD 60 by personal computer 50. Since personal computer 50 obtainsthe encrypted content data and the license, even the user ofreproduction terminal 102 not having a communication function canreceive the encrypted content data.

Accordingly, the structure in FIG. 2 is the same as that in FIG. 1 except that distribution carrier 20 is not present.

In FIG. 2, reproduction terminal 102 of the user is configured to allow releasable attachment of memory card 110. Memory card 110 receives the encrypted content data received by reproduction terminal 102, decrypts the encryption performed for the above distribution, and provides the content data to a music reproducing unit (not shown) in reproduction terminal 102.

Further, the user can reproduce the content data for listening viaheadphones 130 or the like connected to reproduction terminal 102.

Memory card 110 can be commonly used in both the systems in FIGS. 1 and 2, and the encrypted content data, which is recorded in memory card 110 with the license by one of the systems, can be reproduced by the other system if memory card 110 is lent or checked out to the other system. More specifically, the encrypted content data and the license can be recorded in memory card 110 attached to cellular phone 100, and then memory card 110 can be attached to reproduction terminal 102 for reproducing music from the encrypted content data. The operations can also be performed vice versa. Using the medium in this manner, the encrypted content data and the license can be shared.

In the structures shown in FIGS. 1 and 2, the system requires severalmanners or the like for allowing recording and/or reproduction of thecontent data, which is distributed in the encrypted form, on the userside of the cellular phone, reproduction terminal or the personalcomputer. First, it requires a manner for distributing the encryptionkey in a communication system. Second, the manner of encrypting thecontent data to be distributed is required. Third, it is required toemploy the manner or structure of protecting the content data againstunauthorized copying of the distributed content data.

Embodiments of the invention, which will now be described, particularlyrelate to structures for enhancing the ability to protect the copyrightof the content data in such a manner that can enhance functions forauthentication and check of a receiver or a destination of the contentdata at the time of generation of each of the sessions of distribution,shift, check-out, check-in and reproduction, and can prevent output ofthe content data to an unauthenticated recording device or datareproduction terminal (the data reproduction terminal capable of contentreproduction may also be referred to as the “cellular phone” or“personal computer” hereinafter) as well as the recording device or datareproduction terminal, in which the decryption key is broken.

In the following description, transmission of the content data fromdistribution server 10 to various cellular phones, personal computersand others will be referred to as “distribution”, hereinafter.

FIG. 3 shows characteristics of data, information and others used forcommunication in the data distribution systems shown in FIGS. 1 and 2.

First, the data distributed from distribution server 10 will bedescribed. Dc indicates the content data such as music data. Contentdata Dc is encrypted in a format allowing decryption with a license keyKc. Encrypted content data {Dc}Kc, which can be decrypted with licensekey Kc, is distributed by distribution server 10 to users of thecellular phones or personal computers while keeping this format.

In the following description, the expression “{Y}X” represents that dataY is encrypted in the format allowing decryption with decryption key X.

Together with the encrypted content data, distribution server 10 distributes additional information Dc-inf, which includes information relating to, e.g., copyright of the content data or server access. Additional information Dc-inf is plaintext information. As the license, license key Kc as well as a transaction ID, which is an administration code for specifying the distribution of the license key or the like from distribution server 10, are transmitted between distribution server 10 and cellular phone 100, or between distribution server 10 and personal computer 50. The transaction ID is used also for specifying a license that was not distributed, i.e., a license aimed at local use. For distinguishing between the license to be distributed and that for local use, the transaction ID bears "0" at its leading end for indicating local use. A transaction ID bearing a number other than "0" at its leading end is used for distribution. The license further includes a content ID, which is a code for identifying content data Dc, access control information ACm, which is produced based on license purchase conditions AC including the number of licenses determined by designation from the user side, and relates to restrictions on access to the license in the license administration device (e.g., memory card, license administration device or license administration module), reproduction control information ACp, which is control information for reproduction in the content reproducing circuit (cellular phone 100, reproduction terminal 102 or the like), and others. More specifically, access control information ACm is the control information for externally outputting the license or license key from the memory card, the license administration module or the license administration device, and includes the allowed reproduction times (the allowed number of license key outputs for reproduction), control information relating to the shift/copy of the license, and the security level of the license. Reproduction control information ACp is used for restricting reproduction after the content reproduction circuit receives the license key for reproduction, and relates to the restricted reproduction period, reproduction speed change restriction, reproduction range designation (partial license) and others.

In the following description, the transaction ID and the content ID willbe collectively referred to as the license ID, and license key Kc,license ID, access control information ACm and reproduction controlinformation ACp will be collectively referred to as the license.

For the sake of simplicity, access control information ACm in thefollowing description restricts only the two items, i.e., thereproduction times (0: reproduction inhibited, 1-254: allowedreproduction times, 255: no limit), which are the control informationfor restricting the reproduction time(s), and the shift/copy flag (0:shift and copy are inhibited, 1: only shift is allowed, 2: shift andcopy are allowed), which can restrict the shift and copy of the license.Also, reproduction control information ACp restricts only thereproduction period (UTC time code), which is the control informationspecifying the allowed period of reproduction.
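The license structure and the two simplified ACm items just defined (reproduction times 0 / 1-254 / 255 and the shift/copy flag 0 / 1 / 2), together with the ACp reproduction period, translate directly into the checks a license administration device must make before it outputs Kc. The following is an added example written for this page, not code from the patent; the in-memory store, the class and field names, and the convention that an expired ACp period is also refused at output time (the page assigns ACp enforcement to the content reproducing circuit) are assumptions of the example.

```python
"""License record (Kc, license ID, ACm, ACp) and ACm enforcement on key output.
Added example for this page; names and the in-memory store are assumptions."""
from dataclasses import dataclass, replace
from datetime import datetime, timezone
from typing import Optional

NO_LIMIT = 255          # ACm reproduction times: no limit
INHIBITED = 0           # ACm reproduction times: reproduction inhibited
SHIFT_COPY_NONE = 0     # ACm shift/copy flag: neither shift nor copy
SHIFT_ONLY = 1          # ACm shift/copy flag: only shift
SHIFT_AND_COPY = 2      # ACm shift/copy flag: shift and copy


@dataclass(frozen=True)
class License:
    kc: bytes                    # license key Kc, decrypts {Dc}Kc
    transaction_id: str          # leading "0" marks a local-use (e.g. ripped) license
    content_id: str              # identifies content data Dc
    reproduction_times: int      # ACm: 0 inhibited, 1-254 remaining, 255 unlimited
    shift_copy_flag: int         # ACm: 0 none, 1 shift only, 2 shift and copy
    reproduction_until: Optional[datetime]  # ACp: UTC deadline, None for no limit

    @property
    def license_id(self):
        # transaction ID and content ID together form the license ID
        return (self.transaction_id, self.content_id)

    def is_local_use(self) -> bool:
        return self.transaction_id.startswith("0")


class LicenseAdministrator:
    """Holds licenses and applies ACm to every output of Kc and every shift/copy."""

    def __init__(self):
        self._store = {}  # license_id -> License

    def record(self, lic: License) -> None:
        self._store[lic.license_id] = lic

    def get(self, license_id) -> Optional[License]:
        return self._store.get(license_id)

    def output_for_reproduction(self, license_id, now: datetime):
        """Return (Kc, ACp deadline) for the reproducing circuit, or None if refused.
        Each output consumes one allowed reproduction unless the count is 255."""
        lic = self._store.get(license_id)
        if lic is None or lic.reproduction_times == INHIBITED:
            return None
        if lic.reproduction_until is not None and now > lic.reproduction_until:
            return None  # assumed: do not hand out a key the circuit must reject
        if lic.reproduction_times != NO_LIMIT:
            self._store[license_id] = replace(
                lic, reproduction_times=lic.reproduction_times - 1)
        return lic.kc, lic.reproduction_until

    def shift(self, license_id, destination: "LicenseAdministrator") -> bool:
        """Move the license to another administrator; the source copy is erased."""
        lic = self._store.get(license_id)
        if lic is None or lic.shift_copy_flag < SHIFT_ONLY:
            return False
        destination.record(lic)
        del self._store[license_id]
        return True

    def copy(self, license_id, destination: "LicenseAdministrator") -> bool:
        """Duplicate the license; permitted only when the flag is 2."""
        lic = self._store.get(license_id)
        if lic is None or lic.shift_copy_flag != SHIFT_AND_COPY:
            return False
        destination.record(lic)
        return True
```

The count is decremented before Kc leaves the store, so a reproducing circuit that requests the key and then fails cannot retry for free; that ordering is the same whether the store is a memory card, the license administration device or the software module.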

In the embodiments, a certificate revocation list CRL is operated sothat the distribution and reproduction of the content data can beinhibited in each of the classes of the license administration devices(e.g., memory card, license administration device and licenseadministration module) and the content reproducing circuits (e.g.,cellular phone 100 and reproduction terminal 102).

The certificate revocation list is a data file including a list of identification codes identifying class certificates held in the recording devices and the content reproduction circuits, which can neither receive the distributed license nor reproduce the data because such distribution and reproduction are inhibited. When a class certificate bearing an identification code listed in certificate revocation list CRL is received, it is inhibited to provide the license key to the sender of the class certificate even when the received class certificate is a regular certificate. The class certificate will be described later. All devices and programs that perform license administration and storage as well as reproduction, and are therefore involved in the protection of the content data, are potential targets to be listed.

Certificate revocation list CRL is administered in distribution server10, and is recorded and held in the recording device. Certificaterevocation list CRL must be updated to renew the data at appropriatetimes. For updating certificate revocation list CRL in the licenseadministration device, the date and time of update of the certificaterevocation list is determined from the license administration deviceattached to the cellular phone or the personal computer whendistributing the license such as a license key. When it is determined,from a comparison with the update date/time in certificate revocationlist CRL held by distribution server 10, that the updating has not beendone, the updated certificate revocation list is distributed to thecellular phone or personal computer. For updating the certificaterevocation list, such a manner may be employed that the sender sends thelatest or newer certificate revocation list to rewrite the certificaterevocation list held in the receiver. Alternatively, such a manner maybe employed that the sender prepares differential data, which has beenadded after the date and time of update of the certificate revocationlist held in the receiver, and adds the differential data to thecertificate revocation list held in the receiver. In the former manner,certificate revocation list CRL bears the date/time of the production ofthe list or the record date/time of each of identification codes listedin certificate revocation list CRL, and the date/time of the productionor the record date/time of the latest one(s) among the addedidentification code(s) is used as the date/time of update of certificaterevocation list CRL. In the latter manner, the record date/time of eachof the identification codes in the list is described.

In the following description, it is assumed that the processing ofupdating certificate revocation list CRL is performed by distributingand adding differential CRL.

As described above, certificate revocation list CRL is held and operated not only in the distribution server but also in the license administration device, which records and administers the license. Thereby, in the case of reproduction as well as the shift, copy and check-out of the license, it is possible to inhibit supply of the license from the license administration device to a content reproducing circuit (cellular phone or reproduction terminal) or a license administration device (memory card, license administration device or license administration module), which is a dangerous device due to breakage of the security or leakage of the key peculiar to the class. Therefore, such a situation can be prevented that the distributed license is supplied from the distribution destination or receiver to the dangerous device. When the security is broken, or the key peculiar to the class leaks, the content reproducing circuit cannot reproduce the content data, and the license administration device cannot obtain a new license.

As described above, certificate revocation list CRL held andadministered by the license administration device is updated to renewthe data in response to distribution. Administration of certificaterevocation list CRL in the memory card or the license administrationdevice is performed by recording it independently of the upper level ina tamper resistant module at a high level ensuring security by hardware.Administration of certificate revocation list CRL in the licenseadministration module is performed by recording it on the hard disk orthe like of the personal computer, which is protected at least againsttampering by the encryption. In other words, the recording is performedin the tamper resistant module at a low level ensuring security bysoftware. Therefore, the structure is configured to inhibit such asituation that certificate revocation list CRL is tampered from theupper level such as a file system, application program or the like. As aresult, the protection of copyright of the data can be enhanced.

FIG. 4 illustrates characteristics of data, information and others for authentication, which are used in the data distribution systems shown in FIGS. 1 and 2.

The content reproduction circuit and license administration device are provided with individual public encryption keys KPpy and KPmw, respectively. Data encrypted with public encryption keys KPpy and KPmw can be decrypted with a private decryption key Kpy, which is held in the content reproduction circuit, and a private decryption key Kmw, which is held in the memory card, license administration device or license administration module, respectively. These public encryption keys and private decryption keys have different values, which depend on the types of the content reproducing circuit and license administration device. These public encryption keys and private decryption keys are collectively referred to as class keys. The public encryption key and the private decryption key are referred to as the class public encryption key and the class private decryption key, respectively. The unit, in which the class key is commonly used, is referred to as the class. The class depends on a manufacturer, a kind of the product, a production lot and others.

Cpy is employed as a class certificate of the content reproducing circuit. Cmw is employed as a class certificate of the license administration device. These class certificates have information depending on the classes of the content reproducing circuit and license administration device.

The class public encryption key and the class certificate of the content reproducing circuit are recorded as authentication data {KPpy//Cpy}KPa in the data reproduction circuit at the time of shipment. The class public encryption keys and the class certificates of the memory card, license administration module and license administration device are recorded as authentication data {KPmw//Cmw}KPa in the license administration device at the time of shipment. The class public encryption key and the class certificate of the license administration module are recorded in the license administration device at the time of shipment. As will be described later in greater detail, KPa is a public authentication key, which is common in the whole distribution system. Public authentication key KPa is formed of a public authentication key KPa1 or KPa2 depending on the security level. Public authentication key KPa1 is used when the security level is level 1, and public authentication key KPa2 is used when the security level is level 2.

The class certificate includes an identification code, and is paired with the class public encryption key. The class, i.e., the unit having the same class certificate, class public encryption key and private decryption key, is the unit for inhibiting provision of the license key according to certificate revocation list CRL. When the tamper resistant module is broken, or the encryption is broken by the class key, i.e., when the leakage of the class private decryption key occurs, the identification code representing the class certificate of the class of the leaked key is listed in the certificate revocation list, and the system inhibits supply of the license to the content reproducing circuit and the license administration device having the class certificate specified by the identification code thus listed.

A public encryption key KPmcx is set for each of the license administration units formed of the license administration devices, and an individual private decryption key Kmcx is provided to allow decryption of the data encrypted with public encryption key KPmcx. The public encryption key and the private decryption key, which are peculiar to each memory card, will be collectively referred to as “individual keys”; public encryption key KPmcx will be referred to as an “individual public encryption key” and private decryption key Kmcx will be referred to as an “individual private decryption key”.

In addition to the above, symmetric keys Ks1-Ks3 are temporarily produced every time transmission of the license is performed. Symmetric keys Ks1-Ks3 are unique symmetric keys generated for each “session”, which is the unit of access or communication to or from the distribution server, the content reproducing circuit or the license administration device. These symmetric keys Ks1-Ks3 will be referred to as “session keys”, hereinafter.

These session keys Ks1-Ks3 have values peculiar to each session, and are administered by the distribution server, content reproducing circuit and license administration device. More specifically, session key Ks1 is generated for each distribution session by the distribution server. Session key Ks2 is generated for each of the distribution session and reproduction session by the license administration device. Session key Ks3 is generated for each reproduction session in the content reproducing circuit. The security can be improved in each session by transmitting these session keys, receiving the session keys produced by the destinations, performing encryption with the session keys thus received, and sending the license keys and others.

FIG. 5 is a schematic block diagram showing a structure of distribution server 10 shown in FIGS. 1 and 2.

Distribution server 10 includes a content database 304 for storing content data encrypted according to a predetermined scheme as well as distribution data such as a content ID, an account database 302 for holding accounting information according to the start of access to content data for each of the users of the cellular phones and personal computers, a CRL database 306 for administering certificate revocation lists CRL, a menu database 307 for holding the menu of content data held in content database 304, a distribution log database 308 for holding a log relating to distribution of the transaction ID and others specifying the distribution of the content data, license key and others for each distribution of the license, a data processing unit 310 for receiving data via a bus BS1 from content database 304, accounting database 302, CRL database 306, menu database 307 and distribution log database 308, and performing predetermined processing, and a communication device 350 for transmitting data between distribution carrier 20 and data processing unit 310 over the communication network.

Data processing unit 310 includes a distribution control unit 315 for controlling an operation of data processing unit 310 in accordance with the data on bus BS1, a session key generating unit 316 which is controlled by distribution control unit 315 to generate session key Ks1 in the distribution session, an authentication key holding unit 313 holding public authentication key KPa for decrypting authentication data {KPmw//Cmw}KPa sent for authentication from the license administration apparatus, i.e., the memory card, license administration device or the license administration module, a decryption processing unit 312 receiving authentication data {KPmw//Cmw}KPa sent for authentication from the memory card, license administration device or license administration module via communication device 350 and bus BS1, and decrypting it with public authentication key KPa sent from authentication key holding unit 313, an encryption processing unit 318 encrypting session key Ks1 generated by session key generating unit 316 with class public encryption key KPmw obtained by decryption processing unit 312, and providing it onto bus BS1, and a decryption processing unit 320 receiving and decrypting the data, which is sent after being encrypted with session key Ks1.

Data processing unit 310 further includes an encryption processing unit 326 encrypting license key Kc and access control information ACm, which are obtained from distribution control unit 315, with individual public encryption key KPmcx, which is obtained by decryption processing unit 320 and is peculiar to each of the memory card, license administration device and license administration module, as well as an encryption processing unit 328 further encrypting the output of encryption processing unit 326 with session key Ks2 provided from decryption processing unit 320, and outputting it onto bus BS1.

Authentication key holding unit 313 holds two public authentication keys KPa1 and KPa2 corresponding to the two security levels, respectively, and selects one of them in accordance with the authentication data sent from the destination.

Operations in the distribution session of distribution server 10 will be described later in greater detail with reference to flow charts.

FIG. 6 is a schematic block diagram showing a structure of personal computer 50 shown in FIGS. 1 and 2. Personal computer 50 includes a bus BS2 for data transmission to and from various units in personal computer 50, a controller (CPU) 510 for internally controlling the personal computer and executing various programs, a hard disk (HDD) 530 and a CD-ROM drive 540, which are large-capacity storage devices connected to bus BS2 for recording and storing programs and/or data, a keyboard 560 for entering the user's instructions and a display 570 for visually showing various kinds of information to users.

Personal computer 50 further includes a USB interface 550 for controlling transmission of data between controller 510 and a terminal 580 during transmission of the encrypted content data and the license to or from cellular phone 100, reproduction terminal 102 and personal computer 80, terminal 580 for connecting USB cable 70, a serial interface 555 for controlling data transmission between controller 510 and a terminal 585 during communication to or from distribution server 10 over Internet network 30 and modem 40, and terminal 585 for connection to modem 40 via a cable.

Controller 510 performs the control for sending the encrypted content data and others from distribution server 10 to a license administration module 511 over Internet network 30, and more specifically controls the transmission of data to and from distribution server 10. Also, controller 510 performs the control when the encrypted content data and the license are to be obtained by ripping from music CD 60 via CD-ROM drive 540. Further, personal computer 50 includes a license administration device 520, which transmits various keys to and from distribution server 10 for receiving the encrypted content data and the license from distribution server 10, and controls by hardware the license for reproducing the encrypted content data distributed thereto, and content administration module 511, which is a program to be executed by controller 510, receives the encrypted content data and the level-1 license from distribution server 10, and produces the dedicated license by uniquely encrypting the received license.

License administration device 520 is provided for transmitting the data by hardware when receiving the license from distribution server 10, and for administering the received license by hardware. Therefore, license administration device 520 can handle the license at level 2, which requires a high security level. Conversely, license administration module 511 is a program (software) to be executed by controller 510, and is configured to transmit the data in the operation of receiving the license from distribution server 10, to produce the encrypted content data and the license for local use by ripping from music CD 60, to protect the obtained license by encrypting it, and to store it on hard disk 530 for administration. License administration module 511 handles only the level-1 license at a lower security level than license administration device 520. Naturally, a device that can handle the level-2 license, the higher security level, can also handle the level-1 license.

As described above, personal computer 50 is internally provided with license administration module 511 and license administration device 520 for receiving the encrypted content data and the license from distribution server 10 over Internet network 30, as well as CD-ROM drive 540 for obtaining the encrypted content data and the license by ripping from music CD 60.

FIG. 7 is a schematic block diagram showing a structure of reproduction terminal 102 shown in FIG. 2.

Reproduction terminal 102 includes a bus BS3 for data transmission to various units in reproduction terminal 102, a controller 1106 for controlling the operation of reproduction terminal 102 via bus BS3, a console panel 1108 for externally applying instructions to reproduction terminal 102 and a display panel 1110 for providing information sent from controller 1106 and others to the user as visual information.

Reproduction terminal 102 further includes removable memory card 110 for storing and decrypting the content data (music data) sent from distribution server 10, a memory interface 1200 for controlling transmission of data between memory card 110 and bus BS3, a USB interface 1112 for controlling data transmission between bus BS3 and a terminal 1114 when receiving the encrypted content data and the license from personal computer 50, and terminal 1114 for connecting USB cable 70.

Reproduction terminal 102 further includes an authentication data holding unit 1500 for holding authentication data {KPp1//Cp1}KPa2 prepared by encrypting class public encryption key KPp1 and class certificate Cp1 into a state, which allows decryption with public authentication key KPa to authenticate the validity. It is assumed that the class y of reproduction terminal 102 is equal to one (y=1).

Reproduction terminal 102 further includes a Kp1 holding unit 1502 for holding Kp1, which is a decryption key peculiar to the class, and a decryption processing unit 1504, which decrypts the data received from bus BS3 with decryption key Kp1 to obtain session key Ks2 generated by memory card 110.

Reproduction terminal 102 further includes a session key generating unit 1508 for generating a session key Ks3, e.g., based on a random number, for encrypting the data to be transmitted to and from memory card 110 via bus BS3 in the reproduction session, which is performed for reproducing the content data stored in memory card 110, and an encryption processing unit 1506, which encrypts session key Ks3 generated by session key generating unit 1508 with session key Ks2 obtained by decryption processing unit 1504, and outputs it onto bus BS3 when receiving license key Kc and reproduction control information ACp from memory card 110 in the reproduction session of the encrypted content data.

Reproduction terminal 102 further includes a decryption processing unit 1510, which decrypts the data on bus BS3 with session key Ks3 to output license key Kc and reproduction control information ACp, a decryption processing unit 1516, which receives encrypted content data {Dc}Kc from bus BS3, and decrypts it with license key Kc obtained from decryption processing unit 1510 to output the content data, a music reproducing unit 1518 for receiving the output of decryption processing unit 1516 and reproducing the content data, a D/A converter 1519 for converting the output of music reproducing unit 1518 from digital signals to analog signals, and a terminal 1530 for providing the output of D/A converter 1519 to an external output device (not shown) such as headphones.

In FIG. 7, a region surrounded by a dotted line provides a content reproducing device 1550 for reproducing the music data by decrypting the encrypted content data. Content reproducing device 1550 is formed of a tamper resistant module.

Cellular phone 100 shown in FIG. 1 has a function of receiving the encrypted content data or the license distributed from distribution server 10 over the cellular phone network. Accordingly, the structure of cellular phone 100 shown in FIG. 1 corresponds to the structure shown in FIG. 7, but is provided with the ordinary functions of a cellular phone, such as an antenna for receiving radio signals sent over the cellular phone network, a transmission unit for converting the signals received from the antenna into baseband signals, and for sending data sent from the cellular phone to the antenna after modulating it, a microphone, a speaker and an audio coder-decoder.

Operations in respective sessions of the respective components of cellular phone 100 and reproduction terminal 102 will be described later in greater detail with reference to flow charts.

FIG. 8 is a schematic block diagram showing a structure of memory card 110 shown in FIGS. 1 and 2.

As already described, KPmw and Kmw are employed as the class public encryption key and the class private decryption key of the memory card, respectively, and class certificate Cmw in the memory card is also employed. It is assumed that the natural number w is equal to three in memory card 110 (w=3). The natural number x for identifying the memory card is equal to four (x=4). Accordingly, memory card 110 is provided with class public encryption key KPm3, class private decryption key Km3, class certificate Cm3, individual public encryption key KPmc4 and individual private decryption key Kmc4.

Accordingly, memory card 110 includes an authentication data holding unit 1400 for holding authentication data {KPm3//Cm3}KPa2, a Kmc holding unit 1402 for holding an individual private decryption key Kmc4, which is a decryption key peculiar to each memory card, a Km holding unit 1421 for storing a class private decryption key Km3 and a KPmc holding unit 1416 for storing a public encryption key KPmc4 used for encryption, which allows decryption with individual private decryption key Kmc4.

Owing to the provision of the encryption key of the recording device, i.e., the memory card, the license key for each memory card can be administered independently of the other memory cards, as will be apparent from the following description.

Memory card 110 further includes an interface 1424 for transmitting signals to and from memory interface 1200 via a terminal 1426, a bus BS4 for transmitting signals to and from interface 1424, a decryption processing unit 1422 which receives data provided onto bus BS4 via interface 1424, also receives class private decryption key Km3 from Km holding unit 1421 and outputs session key Ks1 generated in the distribution session by distribution server 10 to a contact Pa, a KPa holding unit 1414 holding public authentication key KPa2 for decrypting and authenticating the authentication data, a decryption processing unit 1408 receiving public authentication key KPa2 sent from KPa holding unit 1414, executing the decryption with public authentication key KPa on the authentication data provided onto bus BS4 from the destination of the license, sending the result of the decryption and the class certificate thus obtained to controller 1420, and sending the class public key thus obtained to an encryption processing unit 1410, and an encryption processing unit 1406 encrypting the data selectively provided from a selector switch 1446 with a key selectively provided from a selector switch 1442, and outputting it onto bus BS4.

Memory card 110 further includes a session key generating unit 1418 for generating session key Ks2 in each of the distribution and reproduction sessions, encryption processing unit 1410 encrypting session key Ks2 generated by session key generating unit 1418 with class public encryption key KPpy or KPmw obtained by decryption processing unit 1408, and sending it onto bus BS4, a decryption processing unit 1412 receiving the data encrypted with session key Ks2 from bus BS4, and decrypting it with session key Ks2 obtained from session key generating unit 1418, and an encryption processing unit 1417 for encrypting the license, which is read from memory 1415 in the reproduction session of the encrypted content data, with individual public encryption key KPmcx (x≠4) of another license administration apparatus (memory card or license administration device), which is decrypted by decryption processing unit 1412.

Memory card 110 further includes a decryption processing unit 1404 for decrypting the data on bus BS4, which has been encrypted with individual public encryption key KPmc4, with individual private decryption key Kmc4 of memory card 110, and a memory 1415 for receiving from bus BS4 and storing certificate revocation list CRL, which is successively updated by receiving the differential certificate revocation list, i.e., the differential data for renewing certificate revocation list CRL, encrypted content data {Dc}Kc, the license (Kc, ACp, ACm and license ID) for reproducing encrypted content data {Dc}Kc, additional information Dc-inf, the reproduction list of encrypted content data and the license administration file for administering the license. Memory 1415 is formed of, e.g., a semiconductor memory. Memory 1415 is formed of a CRL region 1415A, a license region 1415B and a data region 1415C. CRL region 1415A is a region for recording certificate revocation list CRL. License region 1415B is used for recording the license. Data region 1415C is used for recording encrypted content data {Dc}Kc, additional information Dc-inf of the encrypted content data, a license administration file for recording information required for license administration for each encrypted content data, and a reproduction list file for recording basic information for accessing the encrypted content data and the license stored in the memory card. Data region 1415C can be externally and directly accessed. The license administration file and reproduction list file will be described later in greater detail.

License region 1415B stores the license (license key Kc, reproduction control information ACp, access control information ACm and license ID) in record units, each of which is referred to as an “entry” and is dedicated to recording of the license. For accessing the license, an entry number is used for designating the entry, in which the license is stored or is to be stored.

Memory card 110 further includes a controller 1420, which externally transmits data via bus BS4, and receives instructions for controlling operations of memory card 110.

All the structures except for data region 1415C necessarily form tamper resistant modules.

FIG. 9 is a schematic block diagram showing a structure of license administration device 520 arranged within personal computer 50. License administration device 520 basically has the same structure as memory card 110, except that a region corresponding to data region 1415C of memory card 110 is not required, and an interface 5224 different in function from interface 1424 and a terminal 5226 different in configuration from terminal 1426 are employed. In license administration device 520, an authentication data holding unit 5200, a Kmc holding unit 5202, a decryption processing unit 5204, an encryption processing unit 5206, a decryption processing unit 5208, an encryption processing unit 5210, a decryption processing unit 5212, a KPa holding unit 5214, a KPmc holding unit 5216, an encryption processing unit 5217, a session key generating unit 5218, a controller 5220, a Km holding unit 5221, a decryption processing unit 5222, interface 5224, terminal 5226, and selector switches 5242 and 5246 are the same as authentication data holding unit 1400, Kmc holding unit 1402, decryption processing unit 1404, encryption processing unit 1406, decryption processing unit 1408, encryption processing unit 1410, decryption processing unit 1412, KPa holding unit 1414, KPmc holding unit 1416, encryption processing unit 1417, session key generating unit 1418, controller 1420, Km holding unit 1421, decryption processing unit 1422 and selector switches 1442 and 1446, respectively. However, authentication data holding unit 5200 holds authentication data {KPm7//Cm7}KPa2, KPmc holding unit 5216 holds individual public encryption key KPmc8, Km holding unit 5221 holds class private decryption key Km7, and Kmc holding unit 5202 holds individual private decryption key Kmc8. The natural number w representing the class of license administration device 520 is equal to seven (w=7), and the natural number x identifying license administration device 520 is equal to eight (x=8).

License administration device 520 includes a memory 5215 for recording certificate revocation list CRL and the license (Kc, ACp, ACm and license ID) instead of memory 1415 in memory card 110. Memory 5215 is formed of a CRL region 5215A storing certificate revocation list CRL and a license region 5215B storing the license.

Description will now be given on the operations in respective sessions of the data distribution systems shown in FIGS. 1 and 2.

FIRST EMBODIMENT

[Distribution 1]

In the data distribution systems shown in FIGS. 1 and 2, the level-2 license and the encrypted content data corresponding to the level-2 license are distributed from distribution server 10 to personal computer 50, as will now be described below. In this operation, the level-2 license is directly distributed to license administration device 520 via an encrypted communication path provided between distribution server 10 and license administration device 520 of personal computer 50, and is stored in license region 5215B of memory 5215 of license administration device 520. This operation will be referred to as “distribution 1”.

FIGS. 10-13 are first to fourth flow charts, which show the distribution operation (also referred to as a “distribution session” in some cases) in the data distribution systems shown in FIGS. 1 and 2, respectively, and more specifically show the distribution to license administration device 520 in personal computer 50 performed at the time of purchasing the encrypted content data.

Before the processing in FIG. 10, the user connects the user's personal computer 50 to distribution server 10 via modem 40, and thereby obtains the content ID for the intended content to be purchased from distribution server 10. The following description is based on the premise that the above operation has already been performed.

Referring to FIG. 10, the user of personal computer 50 enters via keyboard 560 the distribution request by designating the content ID (step S100). Via keyboard 560, the user enters purchase conditions AC for purchasing the license of the encrypted content data (step S102). More specifically, access control information ACm and reproduction control information ACp of the encrypted content data are set, and purchase conditions AC are input for purchasing license key Kc used for decrypting the selected and encrypted content data.

When purchase conditions AC of the encrypted content data are input, controller 510 provides an instruction to output the authentication data to license administration device 520 (step S104). A controller 5220 of license administration device 520 receives the instruction to output the authentication data via interface 5224 and bus BS5. Controller 5220 reads authentication data {KPm7//Cm7}KPa2 from authentication data holding unit 5200 via bus BS5, and outputs authentication data {KPm7//Cm7}KPa2 via interface 5224 and terminal 5226 (step S106).

In addition to authentication data {KPm7//Cm7}KPa2 sent from license administration device 520, controller 510 of personal computer 50 sends the content ID, data AC of the license purchase conditions and the distribution request to distribution server 10 (step S108).

Distribution server 10 receives from personal computer 50 the distribution request, content ID, authentication data {KPm7//Cm7}KPa2 and data AC of the license purchase conditions (step S110). Decryption processing unit 312 decrypts the authentication data provided from license administration device 520 with public authentication key KPa2 at level 2 (step S112).

Distribution control unit 315 performs authentication processing based on the result of decryption by decryption processing unit 312 to determine whether or not the received data is authentication data encrypted by a regular system for the purpose of verifying its authenticity or validity (step S114). When it is determined that the received data is valid authentication data, distribution control unit 315 approves and accepts class public encryption key KPm7 and class certificate Cm7. The operation moves to a next step S116. When distribution control unit 315 determines that it is not valid authentication data, the data is not approved, and the distribution session ends without accepting class public encryption key KPm7 and class certificate Cm7 (step S198).

When class public encryption key KPm7 and class certificate Cm7 are accepted as a result of the authentication, distribution control unit 315 then refers to CRL database 306 to determine whether class certificate Cm7 of license administration device 520 is listed in certificate revocation list CRL. When class certificate Cm7 is listed in the certificate revocation list, the distribution session ends (step S198).

When the class certificate of license administration device 520 is not listed in the certificate revocation list, the next processing starts (step S116).

When it is determined from the result of authentication that the access is made from a personal computer provided with a license administration device which has valid authentication data, and the class is not listed in certificate revocation list CRL, distribution control unit 315 in distribution server 10 produces the transaction ID, which is the administration code for specifying the distribution (step S118). Also, session key generating unit 316 generates session key Ks1 for distribution (step S120). Session key Ks1 is encrypted by encryption processing unit 318 with class public encryption key KPm7 corresponding to license administration device 520, which was obtained by decryption processing unit 312 (step S122).

The transaction ID and encrypted session key Ks1 are externally output as transaction ID//{Ks1}Km7 via bus BS1 and communication device 350 (step S124).

Referring to FIG. 11, when personal computer 50 receives transaction ID//{Ks1}Km7 (step S126), controller 510 provides transaction ID//{Ks1}Km7 to license administration device 520 (step S128). Thereby, in license administration device 520, decryption processing unit 5222 decrypts the data provided onto bus BS5 via terminal 5226 and interface 5224 with class private decryption key Km7, which is held by Km holding unit 5221 and is peculiar to license administration device 520, and thereby accepts session key Ks1 thus decrypted (step S130).

When the acceptance of session key Ks1 produced by distribution server 10 is confirmed, controller 5220 instructs session key generating unit 5218 to generate session key Ks2, which is produced in the distribution operation by license administration device 520. Session key generating unit 5218 produces session key Ks2 (step S132).

In the distribution session, controller 5220 extracts update date/time CRLdate from certificate revocation list CRL recorded in memory 5215 of license administration device 520, and provides it to selector switch 5246 (step S134).

Encryption processing unit 5206 encrypts session key Ks2, individual public encryption key KPmc8 and update date/time CRLdate of the certificate revocation list, which are obtained by successively selecting the contacts of selector switch 5246, with session key Ks1, which is obtained via contact Pa of selector switch 5242, to provide encrypted data {Ks2//KPmc8//CRLdate}Ks1 as one data string onto bus BS5 (step S136).

Encrypted data {Ks2//KPmc8//CRLdate}Ks1 provided onto bus BS5 is sent from bus BS5 to personal computer 50 via interface 5224 and terminal 5226, and is sent from personal computer 50 to distribution server 10 (step S138).

Distribution server 10 receives transaction ID//{Ks2//KPmc8//CRLdate}Ks1, decrypts it with session key Ks1 by decryption processing unit 320 and accepts session key Ks2 generated by license administration device 520, individual public encryption key KPmc8 peculiar to license administration device 520 and update date/time CRLdate of certificate revocation list CRL of license administration device 520 (step S142).

Distribution control unit 315 produces access control information ACm and reproduction control information ACp in accordance with the content ID and data AC of the license purchase conditions obtained in step S110 (step S144). Further, distribution control unit 315 obtains license key Kc for decrypting the encrypted content data from content database 304 (step S146).

Distribution control unit 315 provides the produced license, i.e., transaction ID, content ID, license key Kc, reproduction control information ACp and access control information ACm, to encryption processing unit 326. Encryption processing unit 326 encrypts the license with public encryption key KPmc8, which is peculiar to license administration device 520 and is obtained by decryption processing unit 320, to produce encrypted data {transaction ID//content ID//Kc//ACm//ACp}Kmc8 (step S148).

Referring to FIG. 12, in distribution server 10, update date/time CRLdate of the certificate revocation list, which is sent from license administration device 520, is compared with the update date/time of certificate revocation list CRL of distribution server 10 held in CRL database 306, and thereby it is determined whether or not certificate revocation list CRL held in license administration device 520 is the latest. When it is determined that certificate revocation list CRL held in license administration device 520 is the latest, the operation moves to a step S152. When certificate revocation list CRL held in license administration device 520 is not the latest, the operation moves to a step S160 (step S150).

When it is determined that list CRL is the latest, encryption processingunit 328 encrypts encrypted data {transaction ID//contentID//Kc//ACm//ACp}Kmc8 provided from encryption processing unit 326 withsession key Ks2 generated by license administration device 520, andoutputs encrypted data {{transaction ID//contentID//Kc//ACm//ACp}Kmc8}Ks2 onto bus BS1. Distribution control unit 315sends encrypted data {{transaction ID//content ID//Kc//ACm//ACp}Kmc8}Ks2on bus BS1 to personal computer 50 via communication device 350 (stepS152).

Controller 510 of personal computer 50 receives encrypted data{{transaction ID//content ID//Kc//ACm//ACp}Kmc8}Ks2 (step S154), andprovides it to license administration device 520 via bus BS5. Decryptionprocessing unit 5212 of license administration device 520 receivesencrypted data {{transaction ID//content ID//Kc//ACm//ACp}Kmc8}Ks2 viaterminal 5226 and interface 5224, and decrypts it with session key Ks2generated by session key generating unit 5218 to accept encrypted data{transaction ID//content ID//Kc//ACm//ACp}Kmc8 (step S158). Thereafter,the operation moves to a step S172.

When it is determined in distribution server 10 that certificaterevocation list CRL held in license administration device 520 is not thelatest, distribution control unit 315 obtains the latest certificaterevocation list CRL from CRL database 306 via bus BS1 to produce thedifferential data, i.e., differential CRL (step S160).

Encryption processing unit 328 receives the output of encryptionprocessing unit 326 and differential CRL of the certificate revocationlist supplied from distribution control unit 315 via bus BS1, andencrypts them with session key Ks2 produced in license administrationdevice 520. Encrypted data {differential CRL//{transaction ID//contentID//Kc//ACm//ACp}Kmc8}Ks2 provided from encryption processing unit 328is sent to personal computer 50 via bus BS1 and communication device 350(step S162).

Personal computer 50 receives encrypted data {differentialCRL//{transaction ID//content ID//Kc//ACm//ACp}Kmc8}Ks2 sent thereto(step S164), and provides it via bus BS5 to license administrationdevice 520 (step S166). In license administration device 520, decryptionprocessing unit 5212 decrypts the received data provided onto bus BS5via terminal 5226 and interface 5224. Decryption processing unit 5212decrypts the received data on bus BS5 with session key Ks2, which isprovided from session key generating unit 5218, and provides it onto busBS5 (step S168).

In this stage, encrypted license {transaction ID//contentID//Kc//ACm//ACp}Kmc8, which can be decrypted with private decryptionkey Kmc8 held on Kmc holding unit 5221, and differential CRL are outputonto bus BS5 (step S168). In accordance with the instruction fromcontroller 5220, certificate revocation list CRL held in CRL region5215A of memory 5215 is updated by adding accepted differential CRLthereto (step S170).

The operations in steps S152, S154, S156 and S158 are executed fordistributing the license to license administration device 520 whencertificate revocation list CRL of license administration device 520 isthe latest. The operations in steps S160, S162, S164, S166, S168 andS170 are executed for distributing the license to license administrationdevice 520 when certificate revocation list CRL of licenseadministration device 520 is not the latest. From the update date/timeCRLdate of the certificate revocation list sent from licenseadministration device 520, as described above, it is determined one byone whether certificate revocation list CRL of license administrationdevice 520 requesting for the distribution is the latest or not. When itis not the latest, the latest certificate revocation list CRL isobtained from CRL database 306, and differential CRL is sent to licenseadministration device 520 to update certificate revocation list CRL oflicense administration device 520.

After steps S158 or S170, controller 5220 instructs decryptionprocessing unit 5204 to decrypt encrypted license {transactionID//content ID//Kc//ACm//ACp}Kmc8 with individual private decryption keyKmc8, and license (license key Kc, transaction ID, content ID, accesscontrol information ACm and reproduction control information ACp) isaccepted (step S172).

Referring to FIG. 13, controller 510 provides the entry numberindicating the entry for storing the licenses, which are received bylicense administration device 520, to license administration device 520(step S174). Thereby, controller 5220 of license administration device520 receives the entry number via terminal 5226 and interface 5224, andstores license (license key Kc, transaction ID, content ID, accesscontrol information ACm and reproduction control information ACp), whichis obtained in step S172, in license region 5215B of memory 5215designated by the received entry number (step S176).

Controller 510 of personal computer 50 sends the transaction ID sentfrom distribution server 10 and the request for distribution of theencrypted content data to distribution server 10 (step S178).

Distribution server 10 receives the request for distribution of thetransaction ID and the encrypted content data (step S180), obtainsencrypted content data {Dc}Kc and additional information Dc-inf fromcontent database 304, and outputs these data and information via bus BS1and communication device 350 (step S182).

Personal computer 50 receives {Dc}Kc//Dc-inf, and accepts encryptedcontent data {Dc}Kc and additional information Dc-inf (step S184).Thereby, controller 510 records encrypted content data {Dc}Kc andadditional information Dc-inf as one content file on hard disk 530 viabus BS2 (step S186). Controller 510 produces the license administrationfile, which includes the entry number of the license stored in licenseadministration device 520 as well as plaintext of transaction ID andcontent ID, and corresponds to encrypted content data {Dc}Kc andadditional information Dc-inf, and records it on hard disk 530 via busBS2 (step S188). Further, controller 510 adds the accepted contentinformation to the content list file recorded on hard disk 530, and morespecifically adds names of the recorded content file and licenseadministration file as well as information (e.g., title of tune and nameof artist), which relates to the encrypted content data and is extractedfrom additional information Dc-inf (step S190). Then, controller 510sends the transaction ID and the distribution acceptance to distributionserver 10 (step S192).

When distribution server 10 receives transaction ID//distributionacceptance (step S194), it stores the accounting data in accountingdatabase 302, and records the transaction ID in distribution logdatabase 308. Thereby, processing of ending the distribution is executed(step S196), and the whole processing ends (step S198).

As described above, it is determined that license administration device520 arranged within personal computer 50 is the device holding theregular or valid authentication data, and at the same time, it isdetermined that class public encryption key KPm7, which is encrypted andsent together with class certificate Cm7, is valid. After determiningthese facts, the content data can be distributed only in response to thedistribution request sent from the license administration device havingclass certificate Cm7 not listed in the certificate revocation list, andthus the license administration device not mentioned in the classcertificate list, of which encryption with public encryption key KPm7 isbroken. Therefore, it is possible to inhibit the distribution tounauthorized license administration device as well as the distributionusing the descrambled or broken class key.

The encryption keys produced in the distribution server and the licenseadministration module are transmitted between them. Each of thedistribution server and the license administration module executes theencryption with the received encryption key, and sends the encrypteddata to the other so that the mutual authentication can be practicallyperformed even when sending and receiving the encrypted data, and it ispossible to improve the security in the data distribution system.

For receiving the license from distribution server 10, licenseadministration device 520 transmits the data to and from distributionserver 10 by hardware, and stores the license by hardware forreproducing the encrypted content data so that the security levelthereof can be high. By using license administration device 520,therefore, personal computer 50 can receive the license distributed at ahigh security level, and can administer the license at a high securitylevel of level 2.

According to the flow charts of FIGS. 10-13, it is also possible todistribute the encrypted content data and the license to memory card 110attached to cellular phone 100 shown in FIG. 1 over the cellular phonenetwork. This can be achieved by replacing personal computer 50 withcellular phone 100, and replacing license administration device 520 withmemory card 110 in the above description. In this case, steps S186, S188and S190 illustrated in FIG. 13 are executed in such a manner that thecontent file (encrypted content data {Dc}Kc and additional informationDc-inf) and the reproduction list file used instead of the content listfile are recorded at data region 1415C in memory 1415 of memory card110. The processing other than the above is performed in the samemanner.

For distributing the encrypted content data and the license to memorycard 110, the encrypted content data and the license are received andstored by hardware. Therefore, distribution of the encrypted contentdata and the license to memory card 110 can be administered at a highsecurity level with level-2 license, as is done in the distribution ofthe encrypted content data and the license to license administrationdevice 520.

[Distribution 2]

In the data distribution systems shown in FIGS. 1 and 2, the encrypted content data and the license can also be distributed from distribution server 10 to license administration module 511 of personal computer 50, as will be described below. This operation will be referred to as "distribution 2".

Before the processing in FIG. 14, the user connects personal computer 50 to distribution server 10 via modem 40 and thereby obtains the content ID of the content to be purchased. The following description assumes that this operation has already been performed.

FIGS. 14-17 are first to fourth flow charts showing the distribution operation in the data distribution systems of FIGS. 1 and 2, and more specifically the distribution to license administration module 511 in personal computer 50 at the time of purchasing the encrypted content data. License administration module 511 receives the encrypted content data and the license from distribution server 10 by executing a program. The communication path in "distribution 2" (i.e., between distribution server 10 and personal computer 50) carries data of the same format, with security of the same structure, as in "distribution 1". Distribution server 10, however, uses two public authentication keys KPa1 and KPa2. KPa2 is the public authentication key for verifying the authentication data of memory card 110 and license administration device 520, which have security level 2. KPa1 is the public authentication key for verifying the authentication data of license administration module 511, which has security level 1. License administration module 511 is a program module having substantially the same license administration function as license administration device 520. Therefore, class public encryption key KPmw, class private decryption key Kmw, class certificate Cmw, individual public encryption key KPmcx and individual private decryption key Kmcx are employed in the same way as for license administration device 520. Natural number w representing the class of license administration module 511 is equal to five (w=5), and natural number x identifying license administration module 511 is equal to six (x=6). Accordingly, license administration module 511 holds authentication data {KPm5//Cm5}KPa1, individual public encryption key KPmc6, class private decryption key Km5 and individual private decryption key Kmc6.

Referring to FIG. 14, the user of personal computer 50 enters the distribution request via keyboard 560 by designating the content ID (step S200). Via keyboard 560, the user enters purchase conditions AC for purchasing the license of the encrypted content data (step S202). More specifically, access control information ACm and reproduction control information ACp of the encrypted content data are set, and purchase conditions AC are input for purchasing license key Kc used for decrypting the selected encrypted content data.

When purchase conditions AC of the encrypted content data are input, controller 510 reads authentication data {KPm5//Cm5}KPa1 from license administration module 511, and sends authentication data {KPm5//Cm5}KPa1 together with the content ID, data AC of the license purchase conditions and the distribution request to distribution server 10 (step S204).

Distribution server 10 receives the distribution request, content ID, authentication data {KPm5//Cm5}KPa1 and data AC of the license purchase conditions from personal computer 50 (step S206). Distribution control unit 315 determines from class certificate Cm5 of authentication data {KPm5//Cm5}KPa1 whether distribution at level 1 or at level 2 is requested. Authentication data {KPm5//Cm5}KPa1 is provided by license administration module 511 to request distribution at level 1, so distribution control unit 315 determines that distribution at level 1 is requested. Decryption processing unit 312 decrypts the received authentication data {KPm5//Cm5}KPa1 with public authentication key KPa1 for level 1 (step S208).

Distribution control unit 315 performs authentication processing based on the result of decryption by decryption processing unit 312 to determine whether the received authentication data {KPm5//Cm5}KPa1 is authentication data encrypted for level 1 and, in particular, whether it was issued by a regular system, i.e., whether it is authentic and valid (step S210). When the authentication data is determined to be valid for level 1, distribution control unit 315 approves and accepts class public encryption key KPm5 and class certificate Cm5, and the operation moves to step S212. When distribution control unit 315 determines that it is not valid authentication data for level 1, the data is not approved, and the processing ends without accepting class public encryption key KPm5 and class certificate Cm5 (step S288).

Although this will not be described further, distribution server 10 can also send the level-1 license via personal computer 50 directly to license administration device 520 or memory card 110, which have security level 2.

When class public encryption key KPm5 and class certificate Cm5 are accepted as a result of authentication, distribution control unit 315 refers to CRL database 306 to determine whether class certificate Cm5 of license administration module 511 is listed in certificate revocation list CRL. When class certificate Cm5 is listed in the certificate revocation list, the distribution session ends (step S288).

When the class certificate of license administration module 511 is not listed in the certificate revocation list, the next processing starts (step S214).

When class public encryption key KPm5 and class certificate Cm5 have been accepted as a result of the authentication processing, and the class certificate is determined not to be listed in the certificate revocation list, distribution control unit 315 in distribution server 10 produces the transaction ID, which is the administration code for specifying the distribution (step S214). Also, session key generating unit 316 generates session key Ks1 for the distribution (step S216). Session key Ks1 is encrypted by encryption processing unit 318 with class public encryption key KPm5, which corresponds to license administration module 511 and was obtained by decryption processing unit 312 (step S218).

The transaction ID and encrypted session key Ks1 are output externally as transaction ID//{Ks1}Km5 via bus BS1 and communication device 350 (step S220).

Referring to FIG. 15, when controller 510 of personal computer 50 receives transaction ID//{Ks1}Km5 (step S222), license administration module 511 receives encrypted data {Ks1}Km5, decrypts it with class private decryption key Km5 peculiar to license administration module 511, and accepts session key Ks1 (step S224).

License administration module 511 produces session key Ks2 when it confirms acceptance of session key Ks1 produced by distribution server 10 (step S226). Controller 510 reads the encrypted CRL stored on hard disk 530 via bus BS2. License administration module 511 decrypts the encrypted CRL to obtain certificate revocation list CRL, and obtains update date/time CRLdate from the decrypted certificate revocation list CRL (step S228). License administration module 511 further encrypts session key Ks2, individual public encryption key KPmc6 and update date/time CRLdate of the certificate revocation list, which it has produced, with session key Ks1 generated in distribution server 10, to provide one data string, and outputs encrypted data {Ks2//KPmc6//CRLdate}Ks1 (step S230).

Controller 510 sends transaction ID//{Ks2//KPmc6//CRLdate}Ks1, prepared by prefixing the transaction ID to encrypted data {Ks2//KPmc6//CRLdate}Ks1, to distribution server 10 (step S232).

Distribution server 10 receives transaction ID//{Ks2//KPmc6//CRLdate}Ks1 (step S234), decrypts it with session key Ks1 in decryption processing unit 320, and accepts session key Ks2 produced by license administration module 511, individual public encryption key KPmc6 peculiar to license administration module 511, and update date/time CRLdate of the certificate revocation list held by license administration module 511 (step S236).

Distribution control unit 315 produces access control information ACm and reproduction control information ACp in accordance with the content ID and data AC of the license purchase conditions obtained in step S206 (step S238). Further, distribution control unit 315 obtains license key Kc for decrypting encrypted content data {Dc}Kc from content database 304 (step S240).

Distribution control unit 315 provides the produced license, i.e., transaction ID, content ID, license key Kc, reproduction control information ACp and access control information ACm, to encryption processing unit 326. Encryption processing unit 326 encrypts the license with public encryption key KPmc6, which was obtained by decryption processing unit 320 and is peculiar to license administration module 511, to provide encrypted data {transaction ID//content ID//Kc//ACm//ACp}Kmc6 (step S242).

Referring to FIG. 16, distribution server 10 compares update date/time CRLdate of the certificate revocation list sent from license administration module 511 with the update date/time of certificate revocation list CRL held in its CRL database 306, and thereby determines whether the certificate revocation list CRL held in license administration module 511 is the latest. When it is the latest, the operation moves to step S246; when it is not, the operation moves to step S252 (step S244).

When certificate revocation list CRL is the latest, encryption processing unit 328 encrypts encrypted data {transaction ID//content ID//Kc//ACm//ACp}Kmc6 provided from encryption processing unit 326 with session key Ks2 produced by license administration module 511, and outputs encrypted data {{transaction ID//content ID//Kc//ACm//ACp}Kmc6}Ks2 onto bus BS1. Distribution control unit 315 sends encrypted data {{transaction ID//content ID//Kc//ACm//ACp}Kmc6}Ks2 on bus BS1 to personal computer 50 via communication device 350 (step S246).

Controller 510 of personal computer 50 receives encrypted data {{transaction ID//content ID//Kc//ACm//ACp}Kmc6}Ks2 (step S248), and license administration module 511 decrypts encrypted data {{transaction ID//content ID//Kc//ACm//ACp}Kmc6}Ks2 with session key Ks2 to accept encrypted data {transaction ID//content ID//Kc//ACm//ACp}Kmc6 (step S250). Thereafter, the operation moves to step S262.

When distribution server 10 determines that certificate revocation list CRL held in license administration module 511 is not the latest, distribution control unit 315 obtains the latest certificate revocation list CRL from CRL database 306 via bus BS1 and produces the differential data, i.e., differential CRL (step S252).

Encryption processing unit 328 receives the output of encryption processing unit 326 and the differential CRL of certificate revocation list CRL supplied from distribution control unit 315 via bus BS1, and encrypts them with session key Ks2 produced in license administration module 511. Encrypted data {differential CRL//{transaction ID//content ID//Kc//ACm//ACp}Kmc6}Ks2 provided from encryption processing unit 328 is sent to personal computer 50 via bus BS1 and communication device 350 (step S254).

Personal computer 50 receives encrypted data {differential CRL//{transaction ID//content ID//Kc//ACm//ACp}Kmc6}Ks2 (step S256), and license administration module 511 decrypts the received data with session key Ks2 to accept differential CRL and encrypted data {transaction ID//content ID//Kc//ACm//ACp}Kmc6 (step S258).

Controller 510 adds the accepted differential CRL to the certificate revocation list CRL obtained in step S228, applies the module's unique encryption to the resulting latest certificate revocation list CRL, and overwrites the certificate revocation list CRL recorded on hard disk 530 with the encrypted list (step S260).

Steps S246, S248 and S250 are executed for distributing license key Kc and the other license items to license administration module 511 when its certificate revocation list CRL is the latest. Steps S252, S254, S256, S258 and S260 are executed when its certificate revocation list CRL is not the latest. As described above, every certificate revocation list CRL reported by license administration module 511 is checked for whether it is up to date. If it is not, the latest certificate revocation list CRL is obtained from CRL database 306, and the differential CRL is sent to license administration module 511 to update the certificate revocation list CRL administered by the module.

After step S250 or S260, license administration module 511 decrypts encrypted license {transaction ID//content ID//Kc//ACm//ACp}Kmc6 with individual private decryption key Kmc6, and the license (license key Kc, transaction ID, content ID, access control information ACm and reproduction control information ACp) is accepted (step S262).
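The key exchange and license delivery described above, for "distribution 1" (steps S118 to S172) and "distribution 2" (steps S214 to S262), as an added example that is not part of the original document or the applicant's system: a Go program that plays both distribution server 10 and license administration device 520 and walks through {Ks1}Km7, {Ks2//KPmc8//CRLdate}Ks1, the CRLdate comparison against CRL database 306, and {differential CRL//{transaction ID//content ID//Kc//ACm//ACp}Kmc8}Ks2. The page names no ciphers, so AES-256-GCM for the session-key encryptions, RSA-2048 with OAEP for the class and individual key encryptions, JSON for the `//` concatenation, and a dated list of revoked class certificates whose newest date serves as CRLdate are all assumptions of this example. The key indices follow distribution 1 (w=7, x=8); for distribution 2 the same flow applies with Km5 and Kmc6, as the page states the message formats are identical. Class authentication of {KPm7//Cm7}KPa2 (steps S108 to S116) is assumed to have already passed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/json"
	"fmt"
)

// License is the plaintext license of steps S144-S148 (transaction ID, content ID, license key
// Kc, access control ACm, reproduction control ACp). crlEntry is one revoked class certificate
// with the date it was listed; the newest date serves as CRLdate (an assumption, not the page's).
type License struct{ TxID, ContentID, ACm, ACp string; Kc []byte }
type crlEntry struct{ Class, Date string }

// Device models license administration device 520: class key pair Km7/KPm7, individual key pair
// Kmc8/KPmc8 and CRL region 5215A. Server models distribution server 10 with CRL database 306.
type Device struct{ Km7, Kmc8 *rsa.PrivateKey; CRL []crlEntry; CRLdate string }
type Server struct{ CRL []crlEntry; CRLdate string }

// reply is the plaintext of {Ks2//KPmc8//CRLdate}Ks1 (S136); delivery is the plaintext of
// {differential CRL//{license}Kmc8}Ks2 (S162), with DiffCRL empty in the S152 case.
type reply struct{ Ks2, KPmc8 []byte; CRLdate string }
type delivery struct{ DiffCRL []crlEntry; EncLic []byte }

// sealSym/openSym realise {X}Ks under a session key; wrap/unwrap realise {X}Km, which only the
// matching private key undoes. AES-256-GCM and RSA-2048 OAEP/SHA-256 are assumptions.
func random(n int) []byte { b := make([]byte, n); rand.Read(b); return b }
func sealSym(key, pt []byte) []byte {
	blk, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(blk)
	nonce := random(g.NonceSize())
	return g.Seal(nonce, nonce, pt, nil)
}
func openSym(key, ct []byte) ([]byte, error) {
	blk, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(blk)
	if len(ct) < g.NonceSize() { return nil, fmt.Errorf("ciphertext too short") }
	return g.Open(nil, ct[:g.NonceSize()], ct[g.NonceSize():], nil)
}
func wrap(pub *rsa.PublicKey, pt []byte) ([]byte, error) { return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, pt, nil) }
func unwrap(priv *rsa.PrivateKey, ct []byte) ([]byte, error) { return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil) }

// Distribute runs steps S120 to S172 between srv and dev and returns the license the device
// accepted. It also applies the differential CRL to dev when the server finds dev's list stale.
func Distribute(srv *Server, dev *Device, lic License) (License, error) {
	var r reply; var d, got delivery; var out License
	// S120-S124: server generates Ks1 and sends {Ks1}Km7.
	ks1 := random(32)
	msg1, err := wrap(&dev.Km7.PublicKey, ks1)
	if err != nil { return out, err }
	// S130-S138: device recovers Ks1 with Km7, generates Ks2, replies {Ks2//KPmc8//CRLdate}Ks1.
	devKs1, err := unwrap(dev.Km7, msg1)
	if err != nil { return out, err }
	ks2 := random(32)
	der, _ := x509.MarshalPKIXPublicKey(&dev.Kmc8.PublicKey)
	pt, _ := json.Marshal(reply{ks2, der, dev.CRLdate})
	msg2 := sealSym(devKs1, pt)
	// S142-S150: server opens with Ks1, accepts Ks2 and KPmc8, compares CRLdate with its database.
	if pt, err = openSym(ks1, msg2); err != nil { return out, err }
	json.Unmarshal(pt, &r)
	pub, err := x509.ParsePKIXPublicKey(r.KPmc8)
	if err != nil { return out, err }
	licPT, _ := json.Marshal(lic)
	if d.EncLic, err = wrap(pub.(*rsa.PublicKey), licPT); err != nil { return out, err } // S148
	for _, e := range srv.CRL { // S160: differential CRL = entries newer than the device's CRLdate
		if e.Date > r.CRLdate { d.DiffCRL = append(d.DiffCRL, e) }
	}
	pt, _ = json.Marshal(d)
	msg3 := sealSym(r.Ks2, pt) // S152 when DiffCRL is empty, S162 otherwise
	// S158, or S168-S170: device opens with Ks2 and appends the differential CRL to its list.
	if pt, err = openSym(ks2, msg3); err != nil { return out, err }
	json.Unmarshal(pt, &got)
	for _, e := range got.DiffCRL {
		dev.CRL = append(dev.CRL, e)
		if e.Date > dev.CRLdate { dev.CRLdate = e.Date }
	}
	// S172: decrypt {license}Kmc8 with individual private key Kmc8 and accept the license.
	if pt, err = unwrap(dev.Kmc8, got.EncLic); err != nil { return out, err }
	err = json.Unmarshal(pt, &out)
	return out, err
}

// NewDevice creates a device with fresh class and individual key pairs (fixture for this example).
func NewDevice(crl []crlEntry, date string) *Device {
	km7, _ := rsa.GenerateKey(rand.Reader, 2048)
	kmc8, _ := rsa.GenerateKey(rand.Reader, 2048)
	return &Device{km7, kmc8, crl, date}
}

func main() {
	// Constructed fixture: the device's CRL lags the server's by one entry, so S160-S170 runs.
	srv := &Server{[]crlEntry{{"Cm3", "2001-01-10"}, {"Cm9", "2001-03-15"}}, "2001-03-15"}
	dev := NewDevice([]crlEntry{{"Cm3", "2001-01-10"}}, "2001-01-10")
	lic, err := Distribute(srv, dev, License{"T-0001", "C-0042", "copies=1", "no-expiry", []byte("0123456789abcdef")})
	fmt.Println(lic.TxID, lic.ContentID, len(dev.CRL), dev.CRLdate, err)
}
```

Two points the code makes visible that the prose leaves implicit: the server never learns Kc's recipient beyond KPmc8, which it accepts only because it arrived under Ks1 inside a message the device could form only after recovering Ks1 with the class key Km7; and the freshness check is a plain date comparison, so a device that reports a current CRLdate without holding the entries would not be caught by this step alone.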

Referring to FIG. 17, license administration module 511 produces check-out information, including the number of allowed check-outs, for checking out the encrypted content data and the license received from distribution server 10 to another device (step S264). The initial value of the allowed check-out count is set to "3". License administration module 511 then produces the encrypted level-1 extended license by applying its unique encryption to the accepted license (transaction ID, content ID, license key Kc, access control information ACm and reproduction control information ACp) together with the produced check-out information (step S266). License administration module 511 performs this encryption based on the ID number of controller (CPU) 510 of personal computer 50 and other parameters. The encrypted level-1 extended license is therefore peculiar to personal computer 50, and the encrypted content data and the license cannot be sent to another device except through the check-out operation described later. Shifting a license administered at security level 1 would leave a security hole, and the shift of such a license is therefore not allowed.
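The PC binding of steps S264 to S266, as an added example (not the page's or the applicant's code): a Go program that derives the PC-specific key from the CPU ID, seals the license together with its check-out count, and then consumes check-outs one at a time. The page says only that the encryption is "based on the ID number of controller (CPU) 510 and others"; the SHA-256 derivation with a per-install salt, AES-256-GCM, the use of the plaintext transaction ID kept in the license administration file as associated data, and the CPU-ID strings are assumptions of this example. It also shows why the page rates this as level 1: the key is derived from an identifier that any program on the PC can read, so the sealing stops the file from being used on another PC but does not stop code running on this one.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// ExtendedLicense is the plaintext of the level-1 extended license of step S266: the accepted
// license (transaction ID, content ID, Kc, ACm, ACp) plus the check-out information of S264.
type ExtendedLicense struct {
	TxID, ContentID, ACm, ACp string
	Kc                        []byte
	CheckOutsLeft             int // initial value 3 per the page
}

// bindingKey derives the per-PC key for the module's "unique encryption". The page only says the
// key is based on the ID number of CPU 510 "and others"; hashing a fixed label, a per-install
// salt and the CPU ID with SHA-256 is this example's assumption.
func bindingKey(cpuID string, salt []byte) []byte {
	h := sha256.New()
	h.Write([]byte("level1-extended-license\x00"))
	h.Write(salt)
	h.Write([]byte(cpuID))
	return h.Sum(nil)
}

func gcm(key []byte) cipher.AEAD {
	blk, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(blk)
	return g
}

// Seal encrypts lic under the PC's binding key. The transaction ID, which the license
// administration file stores in plaintext next to the blob (S278), is bound as additional
// authenticated data so a blob cannot be moved under another entry's plaintext fields.
func Seal(lic ExtendedLicense, cpuID string, salt []byte) ([]byte, error) {
	pt, err := json.Marshal(lic)
	if err != nil {
		return nil, err
	}
	g := gcm(bindingKey(cpuID, salt))
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, pt, []byte(lic.TxID)), nil
}

// Open decrypts a blob on the PC identified by cpuID. A blob copied from another PC, or placed
// under a different plaintext transaction ID, fails authentication and is rejected.
func Open(blob []byte, cpuID string, salt []byte, txID string) (ExtendedLicense, error) {
	var lic ExtendedLicense
	g := gcm(bindingKey(cpuID, salt))
	if len(blob) < g.NonceSize() {
		return lic, errors.New("extended license too short")
	}
	pt, err := g.Open(nil, blob[:g.NonceSize()], blob[g.NonceSize():], []byte(txID))
	if err != nil {
		return lic, fmt.Errorf("extended license not bound to this PC or transaction: %w", err)
	}
	err = json.Unmarshal(pt, &lic)
	return lic, err
}

// CheckOut consumes one allowed check-out and returns the re-sealed blob. When the count is
// exhausted the stored license is left as it is and an error is returned.
func CheckOut(blob []byte, cpuID string, salt []byte, txID string) ([]byte, error) {
	lic, err := Open(blob, cpuID, salt, txID)
	if err != nil {
		return nil, err
	}
	if lic.CheckOutsLeft <= 0 {
		return nil, errors.New("no check-outs left")
	}
	lic.CheckOutsLeft--
	return Seal(lic, cpuID, salt)
}

func main() {
	// Constructed fixture: the CPU IDs and the salt are made up for this example.
	salt := []byte("per-install-salt")
	lic := ExtendedLicense{"T-0001", "C-0042", "copies=1", "no-expiry", []byte("0123456789abcdef"), 3}
	blob, _ := Seal(lic, "CPU-A", salt)
	for i := 1; i <= 4; i++ {
		next, err := CheckOut(blob, "CPU-A", salt, lic.TxID)
		if err != nil {
			fmt.Println("check-out", i, "refused:", err)
			break
		}
		blob = next
	}
	_, err := Open(blob, "CPU-B", salt, lic.TxID)
	fmt.Println("open on another PC:", err)
}
```

The counter lives inside the sealed blob, so it cannot be edited without the binding key; it can, however, be rolled back by restoring an older copy of the license administration file, which is the kind of weakness the page accepts for level 1 and avoids at level 2 by keeping the license inside license administration device 520 or memory card 110.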

Controller 510 of personal computer 50 sends the transaction ID received from distribution server 10 together with a request for distribution of the encrypted content data to distribution server 10 (step S268).

Distribution server 10 receives the transaction ID and the request for distribution of the encrypted content data (step S270), obtains encrypted content data {Dc}Kc and additional information Dc-inf from content database 304, and outputs them via bus BS1 and communication device 350 (step S272).

Personal computer 50 receives {Dc}Kc//Dc-inf, and accepts encrypted content data {Dc}Kc and additional information Dc-inf (step S274). Controller 510 then records encrypted content data {Dc}Kc and additional information Dc-inf as one content file on hard disk 530 via bus BS2 (step S276). Controller 510 produces the license administration file, which includes the encrypted level-1 extended license produced by license administration module 511 as well as the plaintext transaction ID and content ID, and corresponds to encrypted content data {Dc}Kc and additional information Dc-inf, and records it on hard disk 530 via bus BS2 (step S278). Further, controller 510 adds the accepted content information to the content list file recorded on hard disk 530; more specifically, it adds the names of the recorded content file and license administration file, as well as information relating to the encrypted content data (title of tune and name of artist) extracted from additional information Dc-inf (step S280). Then, controller 510 sends the transaction ID and the distribution acceptance to distribution server 10 (step S282).

When distribution server 10 receives transaction ID//distribution acceptance (step S284), it stores the accounting data in accounting database 302 and records the transaction ID in distribution log database 308. Processing for ending the distribution is then executed (step S286), and the whole processing ends (step S288).

As described above, the encryption keys generated in the distribution server and the license administration module are sent and received, each side encrypts with the encryption key it received, and the encrypted data is sent to the other side. Thereby, mutual authentication is practically performed in the course of sending and receiving the encrypted data, and it is possible to improve the security of the data distribution system and to operate certificate revocation list CRL in the same way as when the license is distributed directly to license administration device 520 or memory card 110.

In personal computer 50, however, license administration module 511 sends and receives the data by software, receives the license from distribution server 10 by software, and administers the received license by software. In these respects, the security level of license distribution to license administration module 511 is lower than that of direct distribution to license administration device 520 or memory card 110.

[Ripping]

The user of personal computer 50 can obtain the encrypted content data and the license distributed as described above, and can also obtain music data from music CDs owned by the user. From the viewpoint of protecting the copyright holder, digital copying of a music CD cannot be performed freely, but it is allowed when performed for personal use (i.e., for enjoying the music) by the owner of the CD with a tool provided with a copyright protection function. Accordingly, license administration module 511 includes a program executing a ripping function that obtains music data from a music CD and produces encrypted content data and a license that license administration module 511 can administer.

In recent years, some music CDs contain electronic watermarks written into the music data. The watermark describes, as rules of use, the range of use permitted to the user as determined by the copyright holder. When ripping music data that carries such rules of use, the rules must be observed from the viewpoint of copyright protection. It is assumed here that the rules of use define the copy conditions (copy inhibited, copy allowed for a given number of generations, or copy allowed), the effective period of copying, the maximum allowed check-out count, editing, reproduction speed, the regional code for reproduction, restrictions on the number of reproductions of a copy, and the allowed use time. There are also conventional music CDs in which no watermark can be detected, and thus no rules of use are described.

Ripping is performed by obtaining the music data directly from the music CD, and may also be performed by converting music signals taken as analog signals into digital signals. Ripping may further be performed on music data that has been compressed and encoded to reduce its amount. Ripping may also take as its input content data distributed by a distribution system other than that of the embodiment.

Referring to FIGS. 18 and 19, the operation of obtaining the encrypted content data and the license by ripping from a music CD storing music data will now be described.

FIG. 18 is a function block diagram illustrating the ripping software that processes music data read from music CD 60 by CD-ROM drive 540 of personal computer 50 shown in FIG. 6. The software for ripping the music data includes a watermark detecting unit 5400, a watermark determining unit 5401, a re-mark unit 5402, a license generating unit 5403, a music encoder 5404 and an encrypting unit 5405.

Watermark detecting unit 5400 detects the watermark in the music data obtained from the music CD and extracts the rules of use described in it. Watermark determining unit 5401 evaluates the detection result of watermark detecting unit 5400 and thus determines whether a watermark was detected. When one is detected, watermark determining unit 5401 determines, based on the rules of use defined by the watermark, whether ripping is allowed. Ripping is allowed when the watermark defines no rule of use, or when the rules of use it defines allow copying and shifting of the music data recorded on the music CD. Ripping is not allowed when the rules of use defined by the watermark inhibit copying and shifting of the music data recorded on the music CD.

When watermark determining unit 5401 determines that ripping is allowed and an instruction relating to the copy generation is present (i.e., when copying and shifting of the music data are allowed), re-mark unit 5402 replaces the watermark in the music data with another watermark describing the changed copy conditions of the music data. However, when an analog signal is supplied for ripping, encoded music data is input, or music data distributed by another distribution system is input, the watermark is always replaced, regardless of the contents of the rules of use, as long as ripping is allowed. In this case, if there is an instruction relating to the copy generation, the contents of the rules of use are changed; otherwise, the obtained rules of use are used as they are.

License generating unit 5403 generates the license based on the resultof determination by watermark determining unit 5401. Music encoder 5404encodes the music data bearing the watermark, which is changed byre-mark unit 5402, into a predetermined format. Encrypting unit 5405encrypts the music data sent from music encoder 5404 with license key Kcincluded in the license, which is generated by license generating unit5403.

Referring to FIG. 19, description will now be given on the ripping operation by controller 510 in personal computer 50. When the ripping operation starts, watermark detecting unit 5400 detects the rules of use in the watermark based on the data, which is detected from the music CD (step S300). Watermark determining unit 5401 performs the determination based on the result of detection by watermark detecting unit 5400 and the rules of use recorded in the watermark, and more specifically determines whether the copy is allowed or not (step S302). In the case where the watermark is detected, the rules of use allow copy, and the access control information and reproduction control information in the license can comply with the contents of rules of use, it is determined that the ripping is allowed, and the operation moves to a step S304. When the watermark is detected, but the rules of use inhibit copy, or the access control information and reproduction control information in the license do not comply with the contents of rules of use, it is determined that the ripping is inhibited, and the operation moves to a step S328 for ending the ripping operation. When the watermark is not detected in the CD loaded to the drive, it is determined that the watermark is not contained, and the operation moves to a step S310.

When it is determined in step S302 that the ripping is allowed, the music data is taken out from music CD 60, and re-mark unit 5402 replaces the watermark included in the music data with a new watermark describing the changed copy conditions (step S304). When the rules of use of the last watermark allowed the copy to the third generation, the new watermark allows the copy to the second generation. License generating unit 5403 generates access control information ACm and reproduction control information ACp reflecting the rules of use as well as the license ID, content ID and license key only for the local use (step S306). License key Kc is a random number, and default values are assigned to items, to which the rules of use are not applied, in access control information ACm and reproduction control information ACp. Also, in access control information ACm, a shift/copy flag is set to zero for inhibiting the shift and copy, and the allowed reproduction times are set to 255 representing non-restriction. In the reproduction control information ACp, no restriction on the reproduction period is selected. Thereafter, license generating unit 5403 generates the check-out information including the allowed check-out times reflecting the rules of use (step S308). The allowed check-out times are equal to three unless otherwise specified.

In step S302, if the watermark is not detected, license generating unit 5403 generates the license inhibiting the copy and shift, and thus generates access control information ACm, in which the shift/copy flag inhibits the shift and copy (=0) and the allowed reproduction times are not restricted (=255), reproduction control information ACp not restricting the reproduction period as well as the license ID only for the local use, content ID and license key Kc (step S310). Thereafter, license generating unit 5403 generates check-out information including the allowed check-out times, of which the initial value is equal to 3 (step S312).

After step S308 or S312, music encoder 5404 encodes the music data, which bears the changed watermark, in a predetermined format to generate content data Dc (step S314). Encrypting unit 5405 encrypts the music data sent from music encoder 5404 with license key Kc included in the license, which is generated by license generating unit 5403, to generate encrypted content data {Dc}Kc (step S316). Thereafter, additional information Dc-inf of content data Dc is produced from the information included in music CD 60 or from information entered by the user through keyboard 560 of personal computer 50 (step S318).

Thereby, controller 510 of personal computer 50 obtains encrypted content data {Dc}Kc and additional information Dc-inf via bus BS2, and records them on hard disk 530 as a content file (step S320). Controller 510 produces the encrypted level-1 extended license by effecting unique encryption on the produced license (transaction ID, content ID, license key Kc, access control information ACm and reproduction control information ACp) and the check-out information (step S322). Thereafter, controller 510 produces the license administration file, which includes the encrypted level-1 extended license as well as the plaintext of transaction ID and content ID, and corresponds to encrypted content data {Dc}Kc and additional information Dc-inf recorded on the hard disk in step S320, and records it on hard disk 530 (step S324). Finally, controller 510 adds the file name of the accepted content to the content list file recorded on hard disk 530 (step S326). Thereby, the ripping operation ends (step S328).
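As an added example (not code from the patent), the ripping decision of steps S300 to S316 can be modelled as below. The field names, the treatment of the copy-allowed generation count (a count of 0 is taken to mean no further copy), the local license ID format and the SHA-256 keystream standing in for the unspecified content cipher are all assumptions; the values 0 (shift/copy flag), 255 (allowed reproduction times) and 3 (allowed check-out times) are those given in the description of steps S306 to S312.

```python
"""Added example, not the patent's code: a model of the ripping decision
(steps S300-S316). Field names, generation bookkeeping and the XOR
keystream used for {Dc}Kc are assumptions."""
import hashlib
import os
from dataclasses import dataclass
from typing import Optional

# Default values named in the description of steps S306-S312.
SHIFT_COPY_INHIBIT = 0        # shift/copy flag: neither shift nor copy
UNRESTRICTED_PLAYS = 255      # allowed reproduction times: no restriction
DEFAULT_CHECKOUT_TIMES = 3    # allowed check-out times unless specified


@dataclass
class RulesOfUse:
    """Rules of use read from the watermark (constructed model)."""
    copy_allowed: bool
    copy_generation: Optional[int] = None  # None: no generation limit
    checkout_times: int = DEFAULT_CHECKOUT_TIMES


@dataclass
class License:
    license_id: str
    content_id: str
    kc: bytes                 # license key Kc, a random number
    acm: dict                 # access control information ACm
    acp: dict                 # reproduction control information ACp
    checkout_times: int       # check-out information


def determine(rules: Optional[RulesOfUse]) -> str:
    """Watermark determining unit 5401 (S302)."""
    if rules is None:
        return "no-watermark"          # conventional CD: go to S310
    if not rules.copy_allowed:
        return "inhibited"             # go to S328
    # Assumption: a generation count of 0 means no further copy may be made.
    if rules.copy_generation is not None and rules.copy_generation <= 0:
        return "inhibited"
    return "allowed"                   # go to S304


def remark(rules: RulesOfUse) -> RulesOfUse:
    """Re-mark unit 5402 (S304): third generation allowed -> second."""
    if rules.copy_generation is None:
        return rules
    return RulesOfUse(rules.copy_allowed, rules.copy_generation - 1,
                      rules.checkout_times)


def generate_license(content_id: str, rules: Optional[RulesOfUse]) -> License:
    """License generating unit 5403 (S306/S308 or S310/S312)."""
    acm = {"shift_copy_flag": SHIFT_COPY_INHIBIT,
           "reproduction_times": UNRESTRICTED_PLAYS}
    acp = {"reproduction_period": None}       # no period restriction
    checkouts = rules.checkout_times if rules else DEFAULT_CHECKOUT_TIMES
    return License(license_id="local-" + os.urandom(4).hex(),  # local use only
                   content_id=content_id, kc=os.urandom(16),
                   acm=acm, acp=acp, checkout_times=checkouts)


def encrypt_with_kc(data: bytes, kc: bytes) -> bytes:
    """Stand-in for encrypting unit 5405: SHA-256 counter keystream XOR.
    Symmetric, so the same call decrypts. Not the cipher of the patent."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hashlib.sha256(kc + off.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], block))
    return bytes(out)


def rip(content_id: str, music: bytes, rules: Optional[RulesOfUse]):
    """Run S302-S316; returns None when ripping is inhibited (S328)."""
    verdict = determine(rules)
    if verdict == "inhibited":
        return None
    new_rules = remark(rules) if verdict == "allowed" else None
    lic = generate_license(content_id, new_rules)
    return {"license": lic, "watermark": new_rules,
            "encrypted": encrypt_with_kc(music, lic.kc)}
```

Whatever the watermark says, the license produced locally always carries a shift/copy flag of 0; that is the property the later shift/copy check relies on, and it is what keeps ripped content on the personal computer except through check-out.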

As described above, the encrypted content data and the license can likewise be obtained by the ripping from the music CD, and the obtained license is protected and administered together with the content distributed from distribution server 10. The encrypted content data and the license obtained by ripping from the music CD are protected at the same security level as the encrypted content data and the license obtained by the license administration module. Therefore, the encrypted content data and the license obtained by ripping cannot basically be taken out from the personal computer except for the case of the foregoing check-out.

[Shift/Copy]

In the data distribution systems shown in FIGS. 1 and 2, the license, which is distributed from distribution server 10 to license administration device 520 of personal computer 50, as well as the encrypted content data corresponding to this license are sent to memory card 110 attached to cellular phone 100 or reproduction terminal 102. Description will now be given on this operation. This operation will be referred to as “shift/copy”, and is performed only between units ensuring the security level of level 2. In the shift/copy operation, the determination whether the license can be duplicated or not is performed according to the shift/copy flag in access control information ACm included in the license. When the shift/copy flag allows the shift/copy (=3), the copy of the license is already allowed by the content provider or supplier. Therefore, when the shift/copy flag allows the shift/copy (=3), copy of the license is performed. Likewise, when the shift/copy flag allows only shift (=2), shift of the license is performed.

License administration device 520 is allowed to supply the license only to the license administration device and the content reproducing circuit of the security level of level 2, and for this purpose, KPa holding unit 1414 holds only public authentication key KPa2 at level 2.

FIGS. 20-23 are first to fourth flow charts of the shift/copy operation performed in the data distribution systems shown in FIGS. 1 and 2, respectively, and particularly illustrate the shift/copy operation, in which the encrypted content data and the license received by license administration device 520 from distribution server 10 are given to memory card 110 attached to cellular phone 100 or reproduction terminal 102. Since cellular phone 100 and reproduction terminal 102 operate merely to relay the data in the shift operation, these are not shown in the flow charts. The following description is given on the case of shift to memory card 110 attached to reproduction terminal 102 shown in FIG. 2. However, shift to memory card 110 attached to cellular phone 100 shown in FIG. 1 is performed in a similar manner except that cellular phone 100 functions instead of reproduction terminal 102.

Before the processing illustrated in FIG. 20, the user of personal computer 50 determines the content to be shifted or copied in accordance with the content list file, and the content file and the license administration file are specified. The following description is based on the premise that the above operation is already performed.

Referring to FIG. 20, when the user enters the shift request via keyboard 560 of personal computer 50 (step S400), controller 510 sends a request for sending of the authentication data to reproduction terminal 102 via USB interface 550, terminal 580 and USB cable 70 (step S402). Controller 1106 of reproduction terminal 102 receives the request for the authentication data via terminal 1114, USB interface 1112 and bus BS3, and sends the received request for the authentication data to memory card 110 via bus BS3 and memory card interface 1200. Controller 1420 of memory card 110 receives the request for the authentication data via terminal 1426, interface 1424 and bus BS4 (step S404).

When controller 1420 receives the request for the authentication data, it reads out authentication data {KPm3//Cm3}KPa2 from authentication data holding unit 1400 via bus BS4, and provides authentication data {KPm3//Cm3}KPa2 thus read to reproduction terminal 102 via bus BS4, interface 1424 and terminal 1426. Controller 1106 of reproduction terminal 102 receives authentication data {KPm3//Cm3}KPa2 via memory card interface 1200 and bus BS3, and sends authentication data {KPm3//Cm3}KPa2 to personal computer 50 via bus BS3, USB interface 1112, terminal 1114 and USB cable 70 (step S406).

Thereby, controller 510 of personal computer 50 receives authentication data {KPm3//Cm3}KPa2 via terminal 580 and USB interface 550 (step S408), and sends authentication data {KPm3//Cm3}KPa2 thus received to license administration device 520 via bus BS2. Controller 5220 of license administration device 520 receives authentication data {KPm3//Cm3}KPa2 via terminal 5226, interface 5224 and bus BS5, and provides authentication data {KPm3//Cm3}KPa2 thus received to decryption processing unit 5208. Decryption processing unit 5208 decrypts authentication data {KPm3//Cm3}KPa2 with public authentication key KPa2 provided from KPa holding unit 5214 (step S410). Controller 5220 performs the authentication processing based on the result of decryption by decryption processing unit 5208 for determining whether the processing is performed correctly or not, and thus whether it receives or not the authentication data, which is encrypted for certifying its validity by a regular system, for authenticating the fact that memory card 110 holds class public encryption key KPm3 and class certificate Cm3 provided from the regular memory card (step S412). When it is determined that the authentication data is valid, controller 5220 approves and accepts class public encryption key KPm3 and class certificate Cm3. Then, next processing is performed in a step S414. When the authentication data is not valid, controller 5220 does not approve class public encryption key KPm3 and class certificate Cm3, and the processing ends without accepting them (S504).

Since license administration device 520 holds only public authentication key KPa2 corresponding to level 2, the authentication fails, and the processing ends if the request is made from license administration module 511 having the security level of level 1. Thus, the shift from level 2 to level 1 is impossible.

When it is determined that the regular memory card is used, controller 5220 then refers to CRL region 5215A of memory 5215 to determine whether class certificate Cm3 of memory card 110 is listed in certificate revocation list CRL or not. When class certificate Cm3 is listed in the certificate revocation list, the shift operation ends (step S504).

When the class certificate of memory card 110 is not listed in the certificate revocation list, the operation moves to a next step (S414).

When it is determined from a result of the authentication processing that the access is made from the reproduction terminal provided with the memory card having valid authentication data, and the class is not listed in the certificate revocation list, session key generating unit 5218 generates a session key Ks22 for shift (step S416). Encryption processing unit 5210 encrypts session key Ks22 thus produced with class public encryption key KPm3, which corresponds to memory card 110 and is obtained by decryption processing unit 5208 (step S418). Controller 5220 obtains encrypted data {Ks22}Km3 via bus BS5, and outputs encrypted data {Ks22}Km3 via bus BS5, interface 5224 and terminal 5226 (step S420).

When controller 510 of personal computer 50 receives encrypted data {Ks22}Km3 from license administration device 520, it obtains transaction ID from the license administration file recorded on hard disk 530 (step S422).

Referring to FIG. 21, controller 510 of personal computer 50 sends transaction ID//{Ks22}Km3, which is prepared by adding obtained transaction ID to encrypted data {Ks22}Km3, to reproduction terminal 102 via USB interface 550, terminal 580 and USB cable 70 (step S422). Thereby, controller 1106 of reproduction terminal 102 receives transaction ID//{Ks22}Km3 via terminal 1114, USB interface 1112 and bus BS3, and sends transaction ID//{Ks22}Km3 thus received to memory card 110 via memory card interface 1200. Controller 1420 of memory card 110 receives transaction ID//{Ks22}Km3 via terminal 1426, interface 1424 and bus BS4 (step S426). Decryption processing unit 1422 receives encrypted data {Ks22}Km3 from controller 1420 via bus BS4, and decrypts encrypted data {Ks22}Km3 with class private decryption key Km3 sent from Km holding unit 1421. Thereby, decryption processing unit 1422 accepts session key Ks22 (step S428). Session key generating unit 1418 generates session key Ks2 (step S430). Controller 1420 obtains update date/time CRLdate of the certificate revocation list from CRL region 1415A of memory 1415 via bus BS4, and provides update date/time CRLdate thus obtained to selector switch 1446 (step S432).

Thereby, encryption processing unit 1406 encrypts session key Ks2, individual public encryption key KPmc4 and update date/time CRLdate of the certificate revocation list, which are obtained by successively selecting the terminals of selector switch 1446, with session key Ks22, which is decrypted by decryption processing unit 1404, to produce encrypted data {Ks2//KPmc4//CRLdate}Ks22. Controller 1420 outputs encrypted data {Ks2//KPmc4//CRLdate}Ks22 to reproduction terminal 102 via bus BS4, interface 1424 and terminal 1426. Controller 1106 of reproduction terminal 102 receives encrypted data {Ks2//KPmc4//CRLdate}Ks22 via memory card interface 1200. Controller 1106 sends encrypted data {Ks2//KPmc4//CRLdate}Ks22 to personal computer 50 via USB interface 1112, terminal 1114 and USB cable 70 (step S434).

Controller 510 of personal computer 50 receives encrypted data {Ks2//KPmc4//CRLdate}Ks22 via terminal 580 and USB interface 550 (step S436), and provides encrypted data {Ks2//KPmc4//CRLdate}Ks22 to license administration device 520 via bus BS2 (step S438). Controller 5220 of license administration device 520 receives encrypted data {Ks2//KPmc4//CRLdate}Ks22 via terminal 5226, interface 5224 and bus BS5, and provides encrypted data {Ks2//KPmc4//CRLdate}Ks22 thus received to decryption processing unit 5212. Decryption processing unit 5212 decrypts encrypted data {Ks2//KPmc4//CRLdate}Ks22 with session key Ks22 provided from session key generating unit 5218, and accepts session key Ks2, individual public encryption key KPmc4 and update date/time CRLdate of the certificate revocation list (step S440).

Controller 510 of personal computer 50 reads from hard disk 530 the entry number included in the license administration file, which was recorded on hard disk 530 in step S424. Controller 510 provides the entry number thus read to license administration device 520 via bus BS2 (step S442). Controller 5220 of license administration device 520 receives the entry number via terminal 5226, interface 5224 and bus BS5, and reads the license (transaction ID, content ID, license key Kc, access control information ACm and reproduction control information ACp) from the entry of license region 5215B in memory 5215 designated by the entry number (step S444).

Then, controller 5220 determines access control information ACm (step S346). More specifically, controller 5220 first determines, based on obtained access control information ACm, whether the license to be shifted to memory card 110 attached to reproduction terminal 102 allows the reproduction of the encrypted content data according to the allowed reproduction times or not. If the allowed reproduction times are zero, the encrypted content data cannot be reproduced with the license, and it is meaningless to shift the encrypted content data and the license to memory card 110 attached to reproduction terminal 102. In view of this, the above determination is performed. If the reproduction is allowed, it is determined from the shift/copy flag whether the shift/copy of the license are allowed or not.

If the reproduction of the encrypted content data is not allowed in step S446 (allowed reproduction times are zero), or the shift/copy flag inhibits the shift/copy (i.e., =0), it is determined from access control information ACm that the shift/copy are impossible so that the operation moves to step S504, and the shift operation ends. In step S446, if the reproduction of the encrypted content data is allowed (allowed reproduction times are not zero), and the shift/copy flag allows only the shift (i.e., =1), it is determined that the shift of license is allowed, and controller 510 deletes the license at the designated entry number in license region 5215B of memory 5215 (step S448), and the operation moves to a step S450. If the reproduction of the encrypted content data is allowed (allowed reproduction times are not zero), and the shift/copy flag allows the shift/copy (i.e., =3), it is determined that the copy of license is allowed and then the operation bypasses step S448, and goes to a step S450.

Referring to FIG. 22, encryption processing unit 5217 encrypts the license with individual public encryption key KPmc4, which is obtained by decryption processing unit 5212 and is peculiar to memory card 110, to produce encrypted data {transaction ID//content ID//Kc//ACm//ACp}Kmc4 (step S450). A comparison is made between update date/time CRLdate of the certificate revocation list sent from memory card 110 and the update date/time of the certificate revocation list held in CRL region 5215A by license administration device 520 for determining the newer certificate revocation list. When the certificate revocation list sent from memory card 110 is newer than the other, the operation moves to a step S450. When the certificate revocation list of license administration device 520 is newer than the other, the operation moves to a step S462 (step S452).

When it is determined that the certificate revocation list of memory card 110 is newer than the other, encryption processing unit 5206 encrypts encrypted data {transaction ID//content ID//Kc//ACm//ACp}Kmc4 provided from encryption processing unit 5217 with session key Ks2 generated by session key generating unit 5218, and provides encrypted data {{transaction ID//content ID//Kc//ACm//ACp}Kmc4}Ks2 onto bus BS5. Controller 5220 sends encrypted data {{transaction ID//content ID//Kc//ACm//ACp}Kmc4}Ks2 on bus BS5 to personal computer 50 via interface 5224 and terminal 5226 (step S454).

Controller 510 of personal computer 50 receives encrypted data {{transaction ID//content ID//Kc//ACm//ACp}Kmc4}Ks2, and sends it to reproduction terminal 102 via USB interface 550, terminal 580 and USB cable 70 (step S456).

Controller 1106 of reproduction terminal 102 receives encrypted data {{transaction ID//content ID//Kc//ACm//ACp}Kmc4}Ks2 via terminals 1114 and 1112 and bus BS3, and sends encrypted data {{transaction ID//content ID//Kc//ACm//ACp}Kmc4}Ks2 thus received to memory card 110 via bus BS3 and memory card interface 1200. Controller 1420 of memory card 110 receives encrypted data {{transaction ID//content ID//Kc//ACm//ACp}Kmc4}Ks2 via terminal 1426, interface 1424 and bus BS4 (step S458).

Decryption processing unit 1412 of memory card 110 receives encrypted data {{transaction ID//content ID//Kc//ACm//ACp}Kmc4}Ks2 via bus BS4, decrypts it with session key Ks2 generated by session key generating unit 1418, and accepts encrypted data {transaction ID//content ID//Kc//ACm//ACp}Kmc4 (step S460). Thereafter, the operation moves to a step S474 illustrated in FIG. 23.

When it is determined in step S450 that the certificate revocation list of license administration device 520 is newer than the other, controller 5220 of license administration device 520 obtains data CRL of the latest certificate revocation list from CRL region 5215A of memory 5215 via bus BS5, and produces the differential CRL based on update date/time CRLdate received from memory card 110, i.e., the destination of the license (step S462).

Encryption processing unit 5206 receives the output of encryption processing unit 5217 and the differential CRL via selector switches 5242 and 5246, respectively, and encrypts them with session key Ks2 generated by session key generating unit 5218. Encrypted data {differential CRL//{transaction ID//content ID//Kc//ACm//ACp}Kmc4}Ks2 provided from encryption processing unit 5206 is sent to personal computer 50 via bus BS5, interface 5224 and terminal 5226 (step S464).

Controller 510 of personal computer 50 receives encrypted data {differential CRL//{transaction ID//content ID//Kc//ACm//ACp}Kmc4}Ks2, and sends encrypted data {differential CRL//{transaction ID//content ID//Kc//ACm//ACp}Kmc4}Ks2 to reproduction terminal 102 via USB interface 550, terminal 580 and USB cable 70 (step S466). Controller 1106 of reproduction terminal 102 receives encrypted data {differential CRL//{transaction ID//content ID//Kc//ACm//ACp}Kmc4}Ks2 via terminal 1114, USB interface 1112 and bus BS3, and sends encrypted data {differential CRL//{transaction ID//content ID//Kc//ACm//ACp}Kmc4}Ks2 via bus BS3 and memory card interface 1200 to memory card 110. Controller 1420 of memory card 110 receives encrypted data {differential CRL//{transaction ID//content ID//Kc//ACm//ACp}Kmc4}Ks2 via terminal 1426, interface 1424 and bus BS4 (step S468).

In memory card 110, decryption processing unit 1412 decrypts the received data on bus BS4 with session key Ks2 provided from session key generating unit 1418, and accepts the differential CRL and encrypted data {transaction ID//content ID//Kc//ACm//ACp}Kmc4 (step S470). Controller 1420 receives the differential CRL, which is accepted by decryption processing unit 1412, via bus BS4, and adds the received differential CRL to certificate revocation list CRL held in CRL region 1415A of memory 1415 for updating (step S472).

The operations in steps S454, S456, S458 and S460 are performed to shift or duplicate license key Kc and others to memory card 110 when certificate revocation list CRL of memory card 110 on the receiver side is newer than certificate revocation list CRL of license administration device 520 on the sender side. The operations in steps S462, S464, S466, S468, S470 and S472 are performed to shift or duplicate license key Kc and others to memory card 110 when certificate revocation list CRL of license administration device 520 on the sender side is newer than certificate revocation list CRL of memory card 110 on the receiver side. As described above, the determination is performed every time update date/time CRLdate is sent from memory card 110, and the latest certificate revocation list CRL is stored as certificate revocation list CRL of memory card 110 in CRL region 1514A. Thereby, such a situation can be prevented that memory card 110 provides a license to a content reproducing circuit or another license administration device, of which the security is broken, e.g., due to leakage of a private key.

Referring to FIG. 23, after step S460 or S472, controller 1420 instructs decryption processing unit 1404 to decrypt encrypted license {transaction ID//content ID//Kc//ACm//ACp}Kmc4 with individual private decryption key Kmc4, and the license (license key Kc, transaction ID, content ID, access control information ACm and reproduction control information ACp) is accepted (step S474).

Controller 510 of personal computer 50 sends the entry number for storing the license, which is moved to memory card 110, to reproduction terminal 102 via USB interface 550, terminal 580 and USB cable 70. Thereby, controller 1106 of reproduction terminal 102 receives the entry number via terminal 1114, USB interface 1112 and bus BS3, and sends the received entry number to memory card 110 via bus BS3 and memory card interface 1200. Controller 1420 of memory card 110 receives the entry number via terminal 1426 and interface 1424, and stores the license (license key Kc, transaction ID, content ID, access control information ACm and reproduction control information ACp), which is obtained in step S374, in license region 1415B of memory 1415 designated by the received entry number (step S478).

Controller 510 of personal computer 50 produces the license administration file, which includes the entry number of the license stored in memory 1415 of memory card 110 as well as the plaintext of the transaction ID and the content ID, and corresponds to encrypted content data {Dc}Kc to be moved to memory card 110 and additional information Dc-inf, and sends it to memory card 110 (step S480).

Controller 1420 of memory card 110 receives the license administration file via reproduction terminal 102, and records the received license administration file in data region 1415C of memory 1415 (step S482).

If the shift is performed according to the determination in step S446, controller 510 of personal computer 50 deletes the entry number of the license administration file corresponding to the license shifted to memory card 110 (step S448), and thereby updates the file to indicate “no license” (step S486). Thereafter, controller 510 obtains encrypted content data {Dc}Kc and additional information Dc-inf, which are to be shifted to memory card 110, from the content file recorded on hard disk 530, and sends data {Dc}Kc//Dc-inf to memory card 110 (step S490). Controller 1420 of memory card 110 receives data {Dc}Kc//Dc-inf via reproduction terminal 102 (step S492), and records received data {Dc}Kc//Dc-inf as the content file in data region 1415C of memory 1415 via bus BS4 (step S494).

Thereby, controller 510 of personal computer 50 prepares the reproduction list additionally including the tunes, which are shifted to memory card 110, in a step S496 and sends the reproduction list and the instruction of rewriting the reproduction list to memory card 110 (step S498). Controller 1420 of memory card 110 receives the reproduction list file and the rewriting instruction via reproduction terminal 102 (step S500), and performs the rewriting to replace the reproduction list file, which is recorded in data region 1415C of memory 1415, with the received reproduction list file via bus BS4 (step S502). Thereby, the shift operation ends (step S504).
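As an added example (not the patent's own code), the sender-side decision logic of the shift/copy operation (steps S412, S414, S446, S448, S452 and S462) and the receiver-side CRL update (step S472) can be modelled in Python as below. The class and field names, the representation of the certificate revocation list as dated entries with CRLdate kept as an ISO date string, and the fail-closed handling of flag values the description does not name are assumptions; the shift/copy flag values 0, 1 and 3 follow the description of step S446, and the encryption of the license with KPmc4 and Ks2 is left out.

```python
"""Added example, not the patent's code: sender-side shift/copy decision
(S412-S414, S446-S448, S452, S462) and receiver-side CRL merge (S472).
Data structures and the ISO-string CRLdate are assumptions."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Shift/copy flag values as given in the description of step S446.
FLAG_INHIBIT, FLAG_SHIFT_ONLY, FLAG_SHIFT_COPY = 0, 1, 3


@dataclass
class CRL:
    """Certificate revocation list: (ISO date added, class certificate).
    The newest date is the list's update date/time CRLdate."""
    entries: List[Tuple[str, str]] = field(default_factory=list)

    @property
    def updated(self) -> Optional[str]:
        return max((d for d, _ in self.entries), default=None)

    def lists(self, class_cert: str) -> bool:
        return any(c == class_cert for _, c in self.entries)

    def differential(self, since: Optional[str]) -> List[Tuple[str, str]]:
        """S462: entries newer than the receiver's CRLdate."""
        return [(d, c) for d, c in self.entries if since is None or d > since]

    def merge(self, diff: List[Tuple[str, str]]) -> None:
        """Receiver side, S472: add the differential CRL to the held list."""
        for entry in diff:
            if entry not in self.entries:
                self.entries.append(entry)


@dataclass
class LicenseAdministrationDevice:
    """Hypothetical model of device 520: its CRL region and license region."""
    crl: CRL
    license_region: Dict[int, dict] = field(default_factory=dict)

    def admit_destination(self, auth_valid: bool, class_cert: str) -> Optional[str]:
        """S412/S414: refuse invalid authentication data and revoked classes."""
        if not auth_valid:
            return "authentication-failed"
        if self.crl.lists(class_cert):
            return "class-revoked"
        return None

    def decide(self, acm: dict) -> str:
        """S446: 'inhibit', 'shift' or 'copy' from access control information."""
        if acm["reproduction_times"] == 0:
            return "inhibit"            # nothing could be played after the shift
        flag = acm["shift_copy_flag"]
        if flag == FLAG_SHIFT_ONLY:
            return "shift"
        if flag == FLAG_SHIFT_COPY:
            return "copy"
        return "inhibit"                # 0, and (assumption) any unknown value

    def shift_or_copy(self, entry: int, auth_valid: bool, class_cert: str,
                      dest_crl_date: Optional[str]) -> dict:
        refusal = self.admit_destination(auth_valid, class_cert)
        if refusal:
            return {"result": refusal}
        lic = self.license_region.get(entry)
        if lic is None:
            return {"result": "no-license"}
        action = self.decide(lic["acm"])
        if action == "inhibit":
            return {"result": "inhibit"}
        if action == "shift":
            del self.license_region[entry]   # S448: the sender keeps no copy
        # S452: attach a differential CRL only when the sender's list is newer.
        diff = None
        own = self.crl.updated
        if own is not None and (dest_crl_date is None or own > dest_crl_date):
            diff = self.crl.differential(dest_crl_date)
        return {"result": action, "license": lic, "differential_crl": diff}
```

The order of the checks matters: the destination's class certificate is checked against the sender's CRL before the license leaves the license region, and on a shift the entry is deleted before the license is handed over, so a failure later in the exchange cannot leave two usable copies.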

As described above, it is determined that memory card 110 attached toreproduction terminal 102 is the regular or valid device, and at thesame time, it is determined that class public encryption key KPm3, whichis encrypted and sent together with class certificate Cm3, is valid.After determining these facts, the content data can be shifted only inresponse to the shift request to the memory card having classcertificate Cm3 not listed in the certificate revocation list, i.e., inthe list of the class certificates having the broken class publicencryption key KPm3. Therefore, it is possible to inhibit the shift tounauthorized memory card as well as the shift using the descrambled orbroken class key.

The encryption keys produced in the license administration module andthe memory card are transmitted between them. Each of the licenseadministration module and the memory card executes the encryption withthe received encryption key, and sends the encrypted data to the otherso that the mutual authentication can be practically performed even whensending and receiving the encrypted data, and it is possible to improvethe security in the operation of shifting the encrypted content data andthe license.

The above description has been given on the shift processing. In thecase where the content supplier allows copy of the license, the aboveoperation is performed as the copy operation, and the license is held inlicense administration device 520 on the sender side as it is. This copyis an act, which is allowed when the content supplier, i.e., copyrightholder allowed the copy at the time of distribution, and the shift/copyflag in access control information ACm was set to allow the shift/copy.Thus, this act does not infringe the right of the copyright holder. Theaccess control information is a part of the license, and the securitythereof is ensured so that the copyright is secured.

By using the shift operation described above, even the user ofreproduction terminal 102 not having a function of communicating withdistribution server 10 can receive the encrypted content data and thelicense on the memory card via personal computer 50. This improves theuser convenience.

The description has been given on the shift of license from licenseadministration device 520 of personal computer 50 to memory card 110.The shift of license from memory card 110 to license administrationdevice 520 is likewise performed in accordance with flow charts of FIGS.20-23. Thus, cellular phone 100 shown in FIG. 1 receives thedistribution, and the encrypted content data and the license stored inmemory card 110 can be saved in personal computer 50.

Among the licenses received by personal computer 50 from distributionserver 10, only the license received by hardware of licenseadministration device 520 from distribution server 10 can be shifted tomemory card 110. The encrypted content data and the license, which arereceived by software of license administration module 511 fromdistribution server 10 cannot be sent to the memory card by the “shift”.If the system were configured to allow free shift of them to memory card110, this would raise the possibility that the license can be duplicatedby shifting the license, in view of the fact that hard disk 530 bearingthe level-1 extended license encrypted by personal computer 50 is therecording device allowing free backup. For preventing such copy, it isprevented to send the license received by license administration module511 to memory card 110.

However, if the system were configured to inhibit any shift of the license, which is received by license administration module 511 and is administered by the license administration module having a low security level, to memory card 110, this would run counter to the major purpose of the data distribution system, which is to allow free transmission of the content data while securing the copyright. Accordingly, concepts of check-in and check-out, which will be described below, are employed to allow sending of the content data and the license received by license administration module 511 to memory card 110.

[Check-Out]

In the data distribution systems shown in FIGS. 1 and 2, the encrypted content data and the license, which are distributed from distribution server 10 to license administration module 511 of personal computer 50, are sent to memory card 110 attached to reproduction terminal 102. Description will now be given on this operation, which will be referred to as “check-out”.

In the data distribution systems shown in FIGS. 1 and 2, the license administered by license administration module 511 and the encrypted content data corresponding to the license are sent to memory card 110 attached to cellular phone 100 or reproduction terminal 102 on the precondition that the license is to be returned. Therefore, the license administration module 511 holds public authentication key KPa2 at level 2. In the check-out operation, it is determined whether the check-out of the license can be performed or not, and this determination is performed according to the allowed check-out times in the check-out information held as the encrypted level-1 extended license together with the license. When the allowed check-out times are zero or more, the check-out can be performed. According to the check-out, the license is sent only from level 1 to level 2.

FIGS. 24-27 are first to fourth flow charts illustrating the check-out operation, respectively. Since cellular phone 100 or reproduction terminal 102 operates merely to relay the data even in the check-out, these are not shown in the flow charts. The following description is given on the case of shift to memory card 110 attached to reproduction terminal 102 shown in FIG. 2. However, shift to memory card 110 attached to cellular phone 100 shown in FIG. 1 is performed in a similar manner except for that reproduction terminal 102 is replaced with cellular phone 100.

Before the processing illustrated in FIG. 24, the user of personal computer 50 determines the content to be checked out in accordance with the content list file, and specifies the content file and the license administration file. The following description is based on the premise that the above operation is already performed.

Referring to FIG. 24, when the user enters the check-out request via keyboard 560 of personal computer 50 (step S600), controller 510 obtains the encrypted license data from the license administration file recorded on hard disk 530. In this case, the license administration file is prepared by license administration module 511, and more specifically by receiving the encrypted content data and the license, uniquely encrypting them and storing the encrypted level-1 extended license (see step S266 in FIG. 17). License administration module 511 obtains the encrypted level-1 extended license of the encrypted content data to be checked out from the license administration file, and decrypts it to obtain license (transaction ID, content ID, license key Kc, access control information ACm and reproduction control information ACp) and check-out information (step S602).

License administration module 511 determines access control information ACm (step S604). More specifically, based on the obtained access control information ACm, license administration module 511 determines whether the license to be checked out to memory card 110 attached to reproduction terminal 102 restricts the reproduction or not, and more specifically, determines whether access control information ACm designates the reproduction times of the encrypted content data or not, and whether the reproduction is already inhibited or not. In the case where the reproduction times are restricted, if the license were checked out, it would be impossible to suppress accurately the reproduction in accordance with the allowed reproduction times.

If the reproduction is restricted in a step S604, the operation moves to a step S688, and the check-out operation ends. In step S604, if there is no restriction on the reproduction, the operation moves to a step S606. License administration module 511 determines whether the allowed check-out times included in the obtained check-out information are larger than zero or not (step S606). When the allowed check-out times are 0 or lower in step S606, there is no license for check-out so that the operation moves to step S688, and the check-out operation ends. When the allowed check-out times are larger than zero in step S606, license administration module 511 sends a request for sending of the authentication data via USB interface 550, terminal 580 and USB cable 70 (step S608). Controller 1106 of reproduction terminal 102 receives the request for the authentication data via terminal 1114, USB interface 1112 and bus BS3, and sends the received request for the authentication data to memory card 110 via bus BS3 and memory card interface 1200. Controller 1420 of memory card 110 receives the request for authentication data via terminal 1426, interface 1424 and bus BS4 (step S610).

When controller 1420 receives the request for authentication data, it reads out authentication data {KPm3//Cm3}KPa2 from authentication data holding unit 1400 via bus BS4, and provides authentication data {KPm3//Cm3}KPa2 thus read to reproduction terminal 102 via bus BS4, interface 1424 and terminal 1426. Controller 1106 of reproduction terminal 102 receives authentication data {KPm3//Cm3}KPa2 via memory card interface 1200 and bus BS3, and sends authentication data {KPm3//Cm3}KPa2 to personal computer 50 via bus BS3, USB interface 1112, terminal 1114 and USB cable 70 (step S612).

Thereby, license administration module 511 of personal computer 50 receives authentication data {KPm3//Cm3}KPa2 via terminal 580 and USB interface 550 (step S614), and decrypts received authentication data {KPm3//Cm3}KPa2 with authentication key KPa2 (step S616). License administration module 511 performs the authentication processing based on the result of decryption for determining whether the processing is performed correctly or not, and thus whether it receives or not the authentication data, which is encrypted for certifying its validity by a regular system, for authenticating the fact that memory card 110 holds class public encryption key KPm3 and class certificate Cm3 provided from the regular memory card (step S618). When it is determined that the authentication data is valid, license administration module 511 approves and accepts class public encryption key KPm3 and class certificate Cm3. Then, the operation moves to a next step S620. When the authentication data is not valid, license administration module 511 does not approve class public encryption key KPm3 and class certificate Cm3, and the processing ends without accepting these keys (S688).

When it is determined by the authentication processing that the memory card is a regular card, license administration module 511 then refers to hard disk 530 to determine whether class certificate Cm3 of memory card 110 is listed in certificate revocation list CRL or not. When class certificate Cm3 is listed in certificate revocation list CRL, the check-out operation ends (step S688). When class certificate Cm3 is not listed in certificate revocation list CRL, next processing is performed (step S620).

Referring to FIG. 25, when it is determined from a result of the authentication processing that the access is made from the reproduction terminal provided with the memory card having valid authentication data at level 2, and the class is not listed in the certificate revocation list, license administration module 511 generates check-out transaction ID (i.e., transaction ID for check-out), which is the administration code for specifying the check-out (step S622). The check-out transaction ID necessarily takes a value different from all the transaction IDs stored in memory card 110, and is produced as a transaction ID for local use. License administration module 511 produces session key Ks22 for check-out (step S624), and encrypts session key Ks22 thus produced with class public encryption key KPm3 sent from memory card 110 (step S626). License administration module 511 sends check-out transaction ID//{Ks22}Km3, which is prepared by adding check-out transaction ID to encrypted data {Ks22}Km3, to reproduction terminal 102 via USB interface 550, terminal 580 and USB cable 70 (step S628). Thereby, controller 1106 of reproduction terminal 102 receives check-out transaction ID//{Ks22}Km3 via terminal 1114, USB interface 1112 and bus BS3, and sends check-out transaction ID//{Ks22}Km3 thus received to memory card 110 via memory card interface 1200. Controller 1420 of memory card 110 receives check-out transaction ID//{Ks22}Km3 via terminal 1426, interface 1424 and bus BS4 (step S630). Decryption processing unit 1422 receives encrypted data {Ks22}Km3 from controller 1420 via bus BS4, and decrypts encrypted data {Ks22}Km3 with class private decryption key Km3 sent from Km holding unit 1421. Thereby, decryption processing unit 1422 accepts session key Ks22 (step S632). Session key generating unit 1418 generates session key Ks2 (step S634). Controller 1420 obtains update date/time CRLdate of the certificate revocation list from CRL region 1415A of memory 1415 via bus BS4, and provides the update date/time CRLdate thus obtained to selector switch 1446 (step S636).

Thereby, encryption processing unit 1406 encrypts session key Ks2, individual public encryption key KPmc4 and update date/time CRLdate, which are obtained by successively selecting the contacts of selector switch 1446, with session key Ks22 decrypted by decryption processing unit 1404 to produce encrypted data {Ks2//KPmc4//CRLdate}Ks22. Controller 1420 outputs encrypted data {Ks2//KPmc4//CRLdate}Ks22 to reproduction terminal 102 via bus BS4, interface 1424 and terminal 1426. Controller 1106 of reproduction terminal 102 receives encrypted data {Ks2//KPmc4//CRLdate}Ks22 via memory card interface 1200. Controller 1106 sends it to personal computer 50 via USB interface 1112, terminal 1114 and USB cable 70 (step S638).

License administration module 511 of personal computer 50 receives encrypted data {Ks2//KPmc4//CRLdate}Ks22 via terminal 580 and USB interface 550 (step S640), decrypts encrypted data {Ks2//KPmc4//CRLdate}Ks22 thus received with session key Ks22, and accepts session key Ks2, individual public encryption key KPmc4 and update date/time CRLdate (step S642). License administration module 511 produces access control information ACm for check-out, which inhibits shift and copy of the license from the memory card attached to reproduction terminal 102 to another memory card or the like. More specifically, it produces access control information ACm, in which the reproduction times are not restricted (=255), and the shift/copy flag is set to “0” inhibiting the shift and copy (step S644).

Referring to FIG. 26, license administration module 511 encrypts the license with individual public encryption key KPmc4, which is peculiar to memory card 110 and is received in step S642, to produce encrypted data {check-out transaction ID//content ID//Kc//check-out ACm//ACp}Kmc4 (step S646). A comparison is made between update date/time CRLdate of the certificate revocation list sent from memory card 110 and the update date/time of the certificate revocation list, which is held on hard disk 530 and is administered by license administration module, for determining the newer certificate revocation list. When the list sent from memory card 110 is newer than the other, the operation moves to a step S650. When the list of license administration module 511 is newer than the other, the operation moves to a step S656 (step S648).

When it is determined that the list of memory card 110 is newer than the other, license administration module 511 encrypts encrypted data {check-out transaction ID//content ID//Kc//check-out ACm//ACp}Kmc4 with session key Ks2, and sends encrypted data {{check-out transaction ID//content ID//Kc//check-out ACm//ACp}Kmc4}Ks2 to reproduction terminal 102 via USB interface 550, terminal 580 and USB cable 70 (step S650).

Controller 1106 of reproduction terminal 102 receives encrypted data {{check-out transaction ID//content ID//Kc//check-out ACm//ACp}Kmc4}Ks2 via terminal 1114, USB interface 1112 and bus BS3, and sends encrypted data {{check-out transaction ID//content ID//Kc//check-out ACm//ACp}Kmc4}Ks2 thus received to memory card 110 via bus BS3 and memory card interface 1200. Controller 1420 of memory card 110 receives encrypted data {{check-out transaction ID//content ID//Kc//check-out ACm//ACp}Kmc4}Ks2 via terminal 1426, interface 1424 and bus BS4 (step S652).

Decryption processing unit 1412 of memory card 110 receives encrypted data {{check-out transaction ID//content ID//Kc//check-out ACm//ACp}Kmc4}Ks2 via bus BS4, and decrypts it with session key Ks2 generated by session key generating unit 1418 to accept encrypted data {check-out transaction ID//content ID//Kc//check-out ACm//ACp}Kmc4 (step S654). Thereafter, the operation moves to a step S666 shown in FIG. 27.

When it is determined in step S648 that the certificate revocation list of license administration module 511 is newer than the other, license administration module 511 obtains certificate revocation list CRL administered by the license administration module from hard disk 530, and produces differential CRL based on update dates and times CRLdate received from memory card 110, i.e., the destination of the license (step S656).

License administration module 511 encrypts encrypted data {check-out transaction ID//content ID//Kc//check-out ACm//ACp}Kmc4 and differential CRL with session key Ks2, and sends encrypted data {differential CRL//{check-out transaction ID//content ID//Kc//check-out ACm//ACp}Kmc4}Ks2 to reproduction terminal 102 via USB interface 550, terminal 580 and USB cable 70 (step S658). Controller 1106 of reproduction terminal 102 receives encrypted data {differential CRL//{check-out transaction ID//content ID//Kc//check-out ACm//ACp}Kmc4}Ks2 via terminal 1114, USB interface 1112 and bus BS3, and outputs encrypted data {differential CRL//{check-out transaction ID//content ID//Kc//check-out ACm//ACp}Kmc4}Ks2 thus received to memory card 110 via bus BS3 and memory card interface 1200. Thereby, controller 1420 of memory card 110 receives encrypted data {differential CRL//{check-out transaction ID//content ID//Kc//check-out ACm//ACp}Kmc4}Ks2 via terminal 1426, interface 1424 and bus BS4 (step S660).

In memory card 110, decryption processing unit 1412 decrypts the received data on bus BS4 with session key Ks2 provided from session key generating unit 1418, and accepts differential CRL and encrypted data {check-out transaction ID//content ID//Kc//check-out ACm//ACp}Kmc4 (step S660). Controller 1420 receives differential CRL, which is accepted by decryption processing unit 1412, via bus BS4, and updates certificate revocation list CRL held in CRL region 1415A of memory 1415 by adding received differential CRL thereto (step S664).

In steps S650, S652 and S654, the operations are performed to check out license key Kc and others to memory card 110, and the operations in these steps are performed in the case where certificate revocation list CRL of memory card 110 on the receiver side is newer than certificate revocation list CRL of license administration module 511 on the sender side. The operations in steps S656, S658, S660, S662 and S664 are performed for checking out license key Kc and others to memory card 110 in the case where certificate revocation list CRL of license administration module 511 on the sender side is newer than certificate revocation list CRL of memory card 110 on the receiver side. As described above, determination is performed every time update date/time CRLdate of the certificate revocation list is sent from memory card 110, and latest certificate revocation list CRL is obtained from hard disk 530, and is stored in CRL region 1514A as certificate revocation list CRL of memory card 110. Thereby, such a situation can be prevented that memory card 110 provides a license to a content reproducing circuit or another license administration device, of which security is broken, e.g., due to leakage of a private key.

Referring to FIG. 27, after step S654 or S664, controller 1420 instructs decryption processing unit 1404 to decrypt encrypted license {check-out transaction ID//content ID//Kc//check-out ACm//ACp}Kmc4 with individual private decryption key Kmc4, and license (license key Kc, check-out transaction ID, content ID, check-out ACm and reproduction control information ACp) is accepted (step S666).

Controller 510 of personal computer 50 sends the entry number for storing the license, which is moved to memory card 110, to reproduction terminal 102 via USB interface 550, terminal 580 and USB cable 70 (step S667). Thereby, controller 1106 of reproduction terminal 102 receives the entry number via terminal 1114, USB interface 1112 and bus BS3, and stores license (license key Kc, check-out transaction ID, content ID, check-out ACm and reproduction control information ACp), which is obtained in step S666, in license region 1415B of memory 1415 designated by the received entry number (step S668).

Controller 510 of personal computer 50 generates the license administration file, which includes the entry number of license stored in memory 1415 of memory card 110 as well as the plaintext of check-out transaction ID and the content ID, and corresponds to encrypted content data {Dc}Kc to be moved to memory card 110 and additional information Dc-inf, and sends the license administration file to memory card 110 (step S669).

Controller 1420 of memory card 110 receives the license administration file via reproduction terminal 102, and records the received license administration file in data region 1415C of memory 1415 (step S670).

License administration module 511 of personal computer 50 decrements the allowed check-out times by one (step S671), and produces new encrypted level-1 extended license by effecting unique encryption on the transaction ID, content ID, license key Kc, access control information ACm, reproduction control information ACp and the updated check-out information (to which allowed check-out times, check-out transaction ID and individual public encryption key KPmc4 of memory card 110 of the check-out destination are added). The encrypted license data thus produced is written into hard disk 530 for updating the level-1 extended license of the license administration file recorded on hard disk 530 (step S672). Individual public encryption key KPmc4 of the check-out destination is stored in a tamper resistant module of the memory card, has a value peculiar to the memory card, and is obtained via a communication system having a high security level ensured by authentication and encryption. Therefore, individual public encryption key KPmc4 can be suitably used as identification information for specifying or identifying the memory card.

License administration module 511 obtains encrypted content data {Dc}Kc and additional information Dc-inf, which are to be checked out to memory card 110, from hard disk 530, and sends data {Dc}Kc//Dc-inf to memory card 110 (step S674). Controller 1420 of memory card 110 receives data {Dc}Kc//Dc-inf via reproduction terminal 102 (step S676), and records data {Dc}Kc//Dc-inf, which is received via bus BS4, as the content file in data region 1415C of memory 1415 (step S678).

Thereby, license administration module 511 of personal computer 50 prepares the reproduction list additionally including the tunes (step S680), which are checked out to memory card 110, and sends the reproduction list and the instruction of rewriting the reproduction list to memory card 110 (step S682). Controller 1420 of memory card 110 receives the reproduction list and the rewriting instruction via reproduction terminal 102 (step S684), and writes the received reproduction list file via bus BS4 into data region 1415C of memory 1415 to renew the reproduction list file recorded therein (step S686). Thereby, the check-out operation ends (step S688).

As described above, it is determined that memory card 110 attached to reproduction terminal 102 is the regular device, and at the same time, it is determined that class public encryption key KPm3, which is encrypted and sent together with class certificate Cm3, is valid. After determining these facts, the content data can be checked out only in response to the request for check-out to the memory card having class certificate Cm3 not listed in the certificate revocation list, i.e., in the list of the class certificates having the broken class public encryption key KPm3. Therefore, it is possible to inhibit the check-out to an unauthorized memory card as well as the check-out using the descrambled or broken class key.

The encryption keys produced in the license administration module and the memory card are transmitted between them. Each of the license administration module and the memory card executes the encryption with the received encryption key, and sends the encrypted data to the other so that the mutual authentication can be practically performed even when sending and receiving the encrypted data, and it is possible to improve the security in the operation of checking out the encrypted content data and the license.

By using the check-out operation described above, even the user of reproduction terminal 102 not having a function of communicating with distribution server 10 can receive the encrypted content data and the license, which are received by software of personal computer 50, on the memory card. This improves the user's convenience.

[Check-In]

In the data distribution systems shown in FIGS. 1 and 2, the encrypted content data and the license, which are checked out to memory card 110 from license administration module 511 of personal computer 50, are returned to license administration module 511. Description will now be given on this returning operation, which is referred to as “check-in”.

FIGS. 28-30 are first to third flow charts illustrating the check-in operation for returning the encrypted content data and the license, which were checked out to memory card 110 in the check-out operation already described with reference to FIGS. 24-27. Cellular phone 100 and reproduction terminal 102 likewise operate merely to relay data even in the check-in, and therefore are not illustrated in the flow charts. The following description is given on the case where shift is performed from memory card 110 attached to reproduction terminal 102 shown in FIG. 2. However, shift from memory card 110 attached to cellular phone 100 shown in FIG. 1 can be performed in a similar manner except for that reproduction terminal 102 is replaced with cellular phone 100.

Before the processing illustrated in FIG. 28, the user of personal computer 50 determines the content, which is to be checked in, in accordance with the content list file, and the license administration file, which is recorded on hard disk 530 and corresponds to the content thus determined, as well as the content file and the license administration file recorded in memory card 110 are specified. The following description is based on the premise that the above operation is already performed.

Referring to FIG. 28, when the user enters a check-in request via keyboard 560 of personal computer 50 (step S700), license administration module 511 obtains the encrypted level-1 extended license data from the license administration file recorded on hard disk 530, and decrypts it to obtain license (transaction ID, content ID, license key Kc, access control information ACm and reproduction control information ACp) and check-out information (allowed check-out times, check-out transaction ID and individual public encryption key KPmcx of the memory card of the check-out destination) (step S702). License administration module 511 sends a request for sending of the authentication data to reproduction terminal 102 via USB interface 550, terminal 580 and USB cable 70 (step S704). Thereby, controller 1106 of reproduction terminal 102 receives the request for the authentication data via terminal 1114, USB interface 1112 and bus BS3, and sends the request for the authentication data to memory card 110 via bus BS3 and memory card interface 1200. Controller 1420 of memory card 110 receives the request for the authentication data via terminal 1426, interface 1424 and bus BS4 (step S706).

When controller 1420 receives the request for the authentication data, it reads out authentication data {KPm3//Cm3}KPa2 from authentication data holding unit 1400 via bus BS4, and outputs authentication data {KPm3//Cm3}KPa2 thus read to reproduction terminal 102 via bus BS4, interface 1424 and terminal 1426. Controller 1106 of reproduction terminal 102 receives authentication data {KPm3//Cm3}KPa2 via memory card interface 1200 and bus BS3, and sends authentication data {KPm3//Cm3}KPa2 to personal computer 50 via bus BS3, USB interface 1112, terminal 1114 and USB cable 70 (step S708).

Thereby, license administration module 511 of personal computer 50 receives authentication data {KPm3//Cm3}KPa2 via terminal 580 and USB interface 550 (step S710), and decrypts received authentication data {KPm3//Cm3}KPa2 with public authentication key KPa2 at level 2 (step S712). License administration module 511 performs the authentication processing based on the result of decryption for determining whether the processing is performed correctly or not, and thus whether it receives or not the authentication data, which is encrypted for certifying its validity by a regular system, for authenticating the fact that memory card 110 holds class public encryption key KPm3 and class certificate Cm3 provided from the regular memory card (step S714). When it is determined that the authentication data is valid, license administration module 511 approves and accepts class public encryption key KPm3 and class certificate Cm3. Then, processing is performed in a step S716. When the authentication data is not valid, license administration module 511 does not approve class public encryption key KPm3 and class certificate Cm3, and the processing ends without accepting these keys (S770).

When it is determined by the authentication processing that the memory card is a regular card, license administration module 511 produces a dummy transaction ID (step S716). The dummy transaction ID necessarily takes a value different from all the transaction IDs stored in memory card 110, and is produced as a transaction ID for local use. License administration module 511 produces session key Ks22 for check-in (step S718), and encrypts session key Ks22 thus produced with class public encryption key KPm3 sent from memory card 110 to produce encrypted data {Ks22}Km3 (step S720). License administration module 511 sends dummy transaction ID//{Ks22}Km3, which is prepared by adding dummy transaction ID to encrypted data {Ks22}Km3, to reproduction terminal 102 via USB interface 550, terminal 580 and USB cable 70 (step S722).

Referring to FIG. 29, controller 1106 of reproduction terminal 102 receives dummy transaction ID//{Ks22}Km3 via terminal 1114, USB interface 1112 and bus BS3, and sends dummy transaction ID//{Ks22}Km3 thus received to memory card 110 via memory card interface 1200. Controller 1420 of memory card 110 receives dummy transaction ID//{Ks22}Km3 via terminal 1426, interface 1424 and bus BS4 (step S724). Decryption processing unit 1422 receives encrypted data {Ks22}Km3 from controller 1420 via bus BS4, and decrypts encrypted data {Ks22}Km3 with class private decryption key Km3 sent from Km holding unit 1421. Thereby, decryption processing unit 1422 accepts session key Ks22 (step S726). Session key generating unit 1418 generates session key Ks2 (step S728). Controller 1420 obtains update date/time CRLdate of certificate revocation list CRL from CRL region 1415A of memory 1415 via bus BS4, and provides the update date/time CRLdate thus obtained to selector switch 1446 (step S730).

Thereby, encryption processing unit 1406 encrypts session key Ks2, individual public encryption key KPmc4 and update date/time CRLdate, which are obtained by successively selecting the terminals of selector switch 1446, with session key Ks22, which is decrypted by decryption processing unit 1404 and is obtained via terminal Pa of selector switch 1442, to produce encrypted data {Ks2//KPmc4//CRLdate}Ks22. Controller 1420 outputs encrypted data {Ks2//KPmc4//CRLdate}Ks22 to reproduction terminal 102 via bus BS4, interface 1424 and terminal 1426. Controller 1106 of reproduction terminal 102 receives encrypted data {Ks2//KPmc4//CRLdate}Ks22 via memory card interface 1200. Controller 1106 sends encrypted data {Ks2//KPmc4//CRLdate}Ks22 to personal computer 50 via USB interface 1112, terminal 1114 and USB cable 70 (step S732).

License administration module 511 of personal computer 50 receives encrypted data {Ks2//KPmc4//CRLdate}Ks22 via terminal 580 and USB interface 550 (step S734), decrypts encrypted data {Ks2//KPmc4//CRLdate}Ks22 thus received with session key Ks22, and accepts session key Ks2, individual public encryption key KPmc4 and update date/time CRLdate (step S736).

Then, license administration module 511 determines whether accepted individual public encryption key KPmc4 is included in the check-out information obtained from the license administration file recorded on hard disk 530, and thus whether it matches with individual public encryption key KPmcx stored corresponding to check-out transaction ID of the license to be checked out (step S738). Individual public encryption key KPmc4 is included in the check-out information, which is updated at the time of check-out of the encrypted content data and the license (see step S672 in FIG. 27). Therefore, by preparing the check-out information, which includes individual public encryption key KPmc4 corresponding to the destination of check-out of the encrypted content data and others, the check-out destination can be easily specified at the time of check-in.

In step S738, if individual public encryption key KPmc4 is not included in the check-out information, the check-in operation ends (step S770). In step S738, if individual public encryption key KPmc4 is included in the check-out information, license administration module 511 encrypts dummy license including the dummy transaction ID, i.e., dummy license (dummy transaction ID, dummy content ID, dummy Kc, dummy ACm and dummy ACp) with individual public encryption key KPmc4 to produce encrypted data {dummy transaction ID//dummy content ID//dummy Kc//dummy ACm//dummy ACp}Kmc4 (step S740).

License administration module 511 encrypts encrypted data {dummy transaction ID//dummy content ID//dummy Kc//dummy ACm//dummy ACp}Kmc4 with session key Ks2 to produce encrypted data {{dummy transaction ID//dummy content ID//dummy Kc//dummy ACm//dummy ACp}Kmc4}Ks2, and sends encrypted data {{dummy transaction ID//dummy content ID//dummy Kc//dummy ACm//dummy ACp}Kmc4}Ks2 to reproduction terminal 102 via USB interface 550, terminal 580 and USB cable 70 (step S742).

Controller 1106 of reproduction terminal 102 receives encrypted data {{dummy transaction ID//dummy content ID//dummy Kc//dummy ACm//dummy ACp}Kmc4}Ks2 via terminal 1114, USB interface 1112 and bus BS3. Controller 1106 sends encrypted data {{dummy transaction ID//dummy content ID//dummy Kc//dummy ACm//dummy ACp}Kmc4}Ks2 thus received to memory card 110 via bus BS3 and memory card interface 1200. Controller 1420 of memory card 110 receives encrypted data {{dummy transaction ID//dummy content ID//dummy Kc//dummy ACm//dummy ACp}Kmc4}Ks2 via terminal 1426, interface 1424 and bus BS4 (step S744).

Referring to FIG. 30, decryption processing unit 1412 of memory card 110receives encrypted data {{dummy transaction ID//dummy content ID//dummyKc//dummy ACm//dummy ACp}Kmc4}Ks2 via bus BS4, decrypts it with sessionkey Ks2 generated by session key generating unit 1418, and acceptsencrypted data {dummy transaction ID//dummy content ID//dummy Kc//dummyACm//dummy ACp}Kmc4 (step S746). Decryption processing unit 1404receives encrypted data {dummy transaction ID//dummy content ID//dummyKc//dummy ACm//dummy ACp}Kmc4 from decryption processing unit 1412, anddecrypts encrypted data {dummy transaction ID//dummy content ID//dummyKc//dummy ACm//dummy ACp}Kmc4 thus received with individual privatedecryption key Kmc4 obtained from Kmc holding unit 1402 to accept dummylicense (dummy transaction ID, dummy content ID, dummy Kc, dummy ACm anddummy ACp) (step S748).

Controller 510 of personal computer 50 obtains an entry number from thelicense administration file, which is recorded in data region 1415C ofmemory card 110 and corresponds to the checked-in license, and sends itas the entry number for storing the dummy license to reproductionterminal 102 via USB interface 550, terminal 580 and USB cable 70 (stepS749). Thereby, controller 1106 of reproduction terminal 102 receivesthe entry number via terminal 1114, USB interface 1112 and bus BS3, andsends the received entry number to memory card 110 via bus BS3 andmemory card interface 1200. Controller 1420 of memory card 110 receivesthe entry number via interface 1424 and bus BS4, and stores dummylicense (dummy transaction ID, dummy content ID, dummy Kc, dummy ACm anddummy ACp), which is obtained in step S748, in license region 1415B ofmemory 1415 designated by the entry number thus received (step S750). Bywriting the dummy license over the license to be checked in, the licensechecked out to memory card 110 can be erased.

Thereafter, license administration module 511 of personal computer 50increments the allowed check-out times in the check-out information byone, and updates the check-out information by deleting the check-outtransaction ID and the individual public encryption key KPmc4 of thememory card of the check-out destination (step S752). Licenseadministration module 511 produces the encrypted extended license databy effecting unique encryption on the transaction ID, content ID,license key Kc, access control information ACm, reproduction controlinformation ACp and the updated check-out information, and updates thenew level-1 encrypted extended license in the license administrationfile recorded on hard disk 530 (step S754).

Then, license administration module 511 sends a deletion instruction for deleting the content file (encrypted content data {Dc}Kc and additional information Dc-inf) and the license administration file for the license, which is checked out and is recorded at data region 1415C in memory 1415 of memory card 110, to reproduction terminal 102 via USB interface 550, terminal 580 and USB cable 70 (step S756). Controller 1106 of reproduction terminal 102 receives the deletion instruction for the content file (encrypted content data {Dc}Kc and additional information Dc-inf) and the license administration file via terminal 1114, USB interface 1112 and bus BS3, and outputs the deletion instruction for the content file and the license administration file, received via bus BS3, to memory card 110 via memory card interface 1200. Thereby, controller 1420 of memory card 110 receives the deletion instruction for the content file (encrypted content data {Dc}Kc and additional information Dc-inf) and the license administration file via terminal 1426, interface 1424 and bus BS4 (step S758). Controller 1420 deletes the content file (encrypted content data {Dc}Kc and additional information Dc-inf) and the license administration file, which are recorded at data region 1415C in memory 1415, via bus BS4 (step S760).

License administration module 511 of personal computer 50 prepares thereproduction list, from which the checked-in tunes are deleted (stepS762), and sends the reproduction list and the instruction for rewritingthe reproduction list to memory card 110 (step S764). Controller 1420 ofmemory card 110 receives the reproduction list file and the rewritinginstruction via reproduction terminal 102 (step S766), and writes thereceived reproduction list file into data region 1415C of memory 1415via bus BS4 to renew the reproduction list file written therein (stepS768). Thereby, the check-in operation ends (step S770).

As described above, the encrypted content data and the license are returned from the destination to which they were checked out. A license held by the license administration module at the low security level cannot be shifted to the memory card at the high security level; it can, however, be checked out, and the memory card can receive the license obtained by the license administration module at the low security level. Therefore, the encrypted content data can be reproduced for enjoyment on the reproduction terminal with a license obtained by the license administration module at the low security level.

According to the specifications in access control information ACm, the license checked out to the memory card cannot be output from the memory card to another recording device (memory card, license administration device or license administration module). Therefore, the checked-out license does not leak. By returning, or checking in, the checked-out license to the original license administration module, the right to the license returns to the original license administration module. In practice, this is achieved by erasing the license and the encrypted content data in memory card 110 in accordance with the instruction from the license administration module. Accordingly, the system described above allows neither unauthorized copying nor lowering of the security level, and can secure the copyright.
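The check-out and check-in bookkeeping of steps S738 through S770, modelled as an added example in Python. This is not code from the patent: the record layout, the file names and the function names are assumptions. The public-key and session-key wrapping of the dummy license is left out; what the example shows is the state the license administration module and the memory card must keep so that only the card recorded at check-out can check the license back in (step S738), the card's entry is overwritten with the dummy license (step S750), the allowed check-out times are restored and the destination forgotten (step S752), and the card's files are deleted (step S760):

```python
"""Check-out / check-in bookkeeping between a level-1 license
administration module on the PC and a memory card (level 2).
Added example; the data layout is an assumption, not the patent's format."""
from dataclasses import dataclass, field

# Dummy license written over a checked-out entry at check-in (step S750).
DUMMY_LICENSE = {"transaction_id": "dummy", "content_id": "dummy",
                 "kc": bytes(16), "acm": 0, "acp": 0}


@dataclass
class ExtendedLicense:
    """Level-1 license plus check-out information (license administration file)."""
    transaction_id: str
    content_id: str
    kc: bytes
    acm: int
    acp: int
    allowed_checkouts: int
    # check-out transaction ID -> KPmcx of the card that holds that copy
    checkouts: dict = field(default_factory=dict)


@dataclass
class MemoryCard:
    kpmc: str                                           # individual public key KPmcx
    license_region: dict = field(default_factory=dict)  # entry number -> license
    data_region: dict = field(default_factory=dict)     # file name -> content


def check_out(ext, card, entry, checkout_tid, content):
    """Send one copy of the license to `card`; returns False if none are left."""
    if ext.allowed_checkouts <= 0:
        return False
    ext.allowed_checkouts -= 1
    ext.checkouts[checkout_tid] = card.kpmc                  # remembered for S738
    card.license_region[entry] = {"transaction_id": checkout_tid,
                                  "content_id": ext.content_id,
                                  "kc": ext.kc, "acm": ext.acm, "acp": ext.acp}
    card.data_region[ext.content_id + ".content"] = content
    card.data_region[ext.content_id + ".lic"] = {"entry": entry,
                                                 "transaction_id": checkout_tid}
    return True


def check_in(ext, card, checkout_tid):
    """Return a checked-out license; only the card recorded at check-out may do so."""
    # S738: the card's KPmcx must be the one stored under this check-out transaction ID
    if ext.checkouts.get(checkout_tid) != card.kpmc:
        return False
    lic_file = card.data_region.get(ext.content_id + ".lic")
    if lic_file is None or lic_file["transaction_id"] != checkout_tid:
        return False
    # S750: overwrite the entry with the dummy license so the real one is erased
    card.license_region[lic_file["entry"]] = dict(DUMMY_LICENSE)
    # S752: restore one allowed check-out and forget this destination
    ext.allowed_checkouts += 1
    del ext.checkouts[checkout_tid]
    # S760: delete the content file and the license administration file
    del card.data_region[ext.content_id + ".content"]
    del card.data_region[ext.content_id + ".lic"]
    return True


def demo():
    """Two check-outs, a check-in from the wrong card, then a correct check-in."""
    ext = ExtendedLicense("T1", "song1", b"\x11" * 16, acm=255, acp=1,
                          allowed_checkouts=2)
    card_a, card_b, card_c = MemoryCard("KPmc4"), MemoryCard("KPmc5"), MemoryCard("KPmc6")
    assert check_out(ext, card_a, 0, "CO-1", b"{Dc}Kc")
    assert check_out(ext, card_b, 0, "CO-2", b"{Dc}Kc")
    assert not check_out(ext, card_c, 0, "CO-3", b"{Dc}Kc")   # allowed times exhausted
    wrong = check_in(ext, card_c, "CO-1")                      # card_c never received it
    right = check_in(ext, card_a, "CO-1")
    return {"wrong_card_accepted": wrong, "right_card_accepted": right,
            "allowed_after": ext.allowed_checkouts,
            "entry_after": card_a.license_region[0]["transaction_id"],
            "files_left": sorted(card_a.data_region)}
```

The check in `check_in` is what makes the scheme hold together: because the module records KPmc4 of the destination at check-out, a second card cannot return (and thereby "free") a license it never held, so the allowed check-out count cannot be inflated by a card that keeps its copy.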

[Reproduction]

Referring to FIGS. 31 and 32, description will now be given on areproducing operation of reproduction terminal 102 (which will also bereferred to as the “content reproducing device” hereinafter) forreproducing the contents (encrypted content data and license), which arerecorded in memory card 110 by distribution, shift, copy or check-out.Before the processing illustrated in FIG. 31, the user of reproductionterminal 102 determines the contents (song or tune) to be reproduced inaccordance with the reproduction list, which is recorded at data region1415C in memory card 110, specifies the content file and obtains thelicense administration file. The following description is based on thepremise that the above operation is already performed.

Referring to FIG. 31, upon start of the reproduction, the user ofreproduction terminal 102 provides the reproduction instruction throughconsole panel 1108 to reproduction terminal 102 (step S800). Thereby,controller 1106 reads out authentication data {KPp1//Cp1}KPa2 fromauthentication data holding unit 1500 via bus BS3, and outputsauthentication data {KPp1//Cp1}KPa2 to memory card 110 via memory cardinterface 1200 (step S802).

Thereby, memory card 110 accepts authentication data {KPp1//Cp1}KPa2 (step S804). Decryption processing unit 1408 of memory card 110 decrypts accepted authentication data {KPp1//Cp1}KPa2 with public authentication key KPa2 held in KPa holding unit 1414 (step S806), and controller 1420 performs the authentication processing based on the result of decryption in decryption processing unit 1408. This authentication processing is performed for determining whether authentication data {KPp1//Cp1}KPa2 is the regular authentication data or not (step S808). If it cannot be decrypted, the operation moves to a step S848, and the reproduction operation ends. When the authentication data can be decrypted, controller 1420 determines whether class certificate Cp1 obtained thereby is included in certificate revocation list CRL read from CRL region 1415A in memory 1415 or not (step S810). In this case, an identification code is assigned to class certificate Cp1, and controller 1420 determines whether the identification code of accepted class certificate Cp1 is listed in certificate revocation list CRL or not. When it is determined that class certificate Cp1 is listed in certificate revocation list CRL, the operation moves to a step S848, and the reproduction operation ends.

Further, KPa holding unit 1414 of memory card 110 holds only the publicauthentication key at level 2 so that the reproduction in response tothe access from a unit at a low security level of level 1 is stopped instep S808.

When it is determined in step S810 that class certificate Cp1 is not included in certificate revocation list CRL, session key generating unit 1418 of memory card 110 generates session key Ks2 for the reproduction session (step S812). Encryption processing unit 1410 encrypts session key Ks2 provided by session key generating unit 1418 with class public encryption key KPp1, which is decrypted by decryption processing unit 1408, and outputs encrypted data {Ks2}Kp1 onto bus BS4 (step S814). Thereby, controller 1420 outputs encrypted data {Ks2}Kp1 to memory card interface 1200 via interface 1424 and terminal 1426 (step S816). Controller 1106 of reproduction terminal 102 obtains encrypted data {Ks2}Kp1 via memory card interface 1200. Kp1 holding unit 1502 outputs class private decryption key Kp1 to decryption processing unit 1504.

Decryption processing unit 1504 decrypts encrypted data {Ks2}Kp1 withclass private decryption key Kp1, which is paired with class publicencryption key KPp1, and outputs session key Ks2 to encryptionprocessing unit 1506 (step S818). Thereby, session key generating unit1508 generates session key Ks3 for reproduction session, and outputssession key Ks3 to encryption processing unit 1506 (step S820).Encryption processing unit 1506 encrypts session key Ks3 provided bysession key generating unit 1508 with session key Ks2 sent fromdecryption processing unit 1504, and thereby provides encrypted data{Ks3}Ks2. Controller 1106 outputs encrypted data {Ks3}Ks2 to memory card110 via bus BS3 and memory card interface 1200 (step S822).

Thereby, decryption processing unit 1412 of memory card 110 inputsencrypted data {Ks3}Ks2 via terminal 1426, interface 1424 and bus BS4(step S824).

Referring to FIG. 32, decryption processing unit 1412 decrypts encrypteddata {Ks3}Ks2 with session key Ks2 generated by session key generatingunit 1418, and accepts session key Ks3 produced in reproduction terminal102 (step S826).

Controller 1106 of reproduction terminal 102 obtains the entry number,at which the license is stored, from the license administration file ofthe reproduction request tunes obtained in advance from memory card 110,and outputs the obtained entry number to memory card 110 via memory cardinterface 1200 (step S827).

In accordance with input of the entry number, controller 1420 determinesaccess control information ACm (step S828).

In step S828, access control information ACm, which is the informationrelating to the restriction on the access to the memory, is determined.More specifically, the allowed reproduction times are determined. If thereproduction is already impossible, the reproduction operation ends. Ifthe allowed reproduction times in access control information ACm arerestricted, the allowed reproduction times in access control informationACm are updated (decremented by one), and then the operation moves to anext step (step S830). If the reproduction times in access controlinformation ACm do not restrict the reproduction, step S830 is skipped,and the operation moves to a next step (step S832) without updating theallowed reproduction times in access control information ACm.

When it is determined in step S828 that the reproduction can beperformed in the current reproduction operation, license key Kc andreproduction control information ACp, which are recorded at licenseregion 1415B in memory 1415, of the requested tune are output onto busBS4 (step S832).

License key Kc and reproduction control information ACp thus obtainedare sent to encryption processing unit 1406 via a contact Pf of selectorswitch 1446. Encryption processing unit 1406 encrypts license key Kc andreproduction control information ACp received via selector switch 1446with session key Ks3, which is received from decryption processing unit1412 via contact Pb of selector switch 1442, and provides encrypted data{Kc//ACp}Ks3 onto bus BS4 (step S834).

Encrypted data {Kc//ACp}Ks3 on bus BS4 is sent to reproduction terminal102 via interface 1424, terminal 1426 and memory card interface 1200.

In reproduction terminal 102, decryption processing unit 1510 decryptsencrypted data {Kc//ACp}Ks3 transmitted onto bus BS3 via memory cardinterface 1200, and license key Kc and reproduction control informationACp are accepted (step S836). Decryption processing unit 1510 transmitslicense key Kc to decryption processing unit 1516, and providesreproduction control information ACp onto bus BS3.

Controller 1106 accepts reproduction control information ACp via busBS3, and determines whether the reproduction is allowed or not (stepS840).

When it is determined in step S840 from reproduction control informationACp that the reproduction is not allowed, the reproduction operationends.

When it is determined in step S840 that the reproduction is allowed,controller 1106 requests encrypted content data {Dc}Kc to memory card110 via memory card interface 1200. Thereby, controller 1420 of memorycard 110 obtains encrypted content data {Dc}Kc from memory 1415, andoutputs it to memory card interface 1200 via bus BS4, interface 1424 andterminal 1426 (step S842).

Controller 1106 of reproduction terminal 102 obtains encrypted contentdata {Dc}Kc via memory card interface 1200, and provides encryptedcontent data {Dc}Kc to decryption processing unit 1516 via bus BS3.

Decryption processing unit 1516 decrypts encrypted content data {Dc}Kcwith license key Kc sent from decryption processing unit 1510 to obtaincontent data Dc (step S844).

Content data Dc thus decrypted is output to music reproducing unit 1518.Music reproducing unit 1518 reproduces content data Dc, and D/Aconverter 1519 converts digital signals into analog signals, and outputsthem to terminal 1530. The music data is output from terminal 1530 viathe external output device to headphones 130, and is reproduced (stepS846). Thereby, the reproduction operation ends.

The description has been given on the case where reproduction terminal102 reproduces the encrypted content data recorded on memory card 110.However, content reproducing device 1550 shown in FIG. 7 may beincorporated into personal computer 50, whereby it can reproduce theencrypted content data received by the license administration module 511and license administration device 520.

Referring to FIG. 33, description will now be given on theadministration of the encrypted content data and the license received bylicense administration module 511 or license administration device 520of personal computer 50. Hard disk 530 of personal computer 50 includesa content list file 150, five content files 1531-1535 and five licenseadministration files 1521-1525.

Content list file 150 is a data file describing the owned contents in alist format, and includes information (e.g., title of tune and name ofartist) about each content as well as information (file names)representing the content file and license administration file.Information about each content is mentioned automatically or inaccordance with the instruction of the user by obtaining necessaryinformation from additional information Dc-inf at the time of reception.The contents, which include only the content file or only the licenseadministration file, and thus cannot be reproduced, can also beadministered in the list.

Content files 1531-1535 are files storing encrypted content data {Dc}Kcand additional information Dc-inf, which are received by licenseadministration module 511 or license administration device 520, andthese files are provided for each content.

License administration files 1521-1525 are recorded corresponding to content files 1531-1535, respectively, and are employed for administering the license received by license administration module 511 or license administration device 520. As can be seen from the description already made, it is usually impossible to refer to the license, and information other than license key Kc does not cause a problem relating to copyright unless the user can rewrite it. However, it is not preferable to administer license key Kc and the other information separately or independently of each other when operating the system, because this may lower the security level. Accordingly, when receiving the distributed license, the transaction ID and content ID, which can be referred to as plaintext information, as well as copies of the matters restricted by access control information ACm and reproduction control information ACp, which can be easily determined from license purchase conditions AC, are recorded in the form of plaintext. When the license is recorded in license administration device 520, the entry number is recorded; for a license administered by license administration module 511, the encrypted level-1 extended license (license and check-out information) is recorded. The encrypted level-1 extended license is prepared by unique encryption effected by license administration module 511. This unique encryption is linked with information that can be obtained from personal computer 50 and can specify personal computer 50, such as an individual number of the controller (CPU) of each personal computer 50 and/or a version number of the BIOS, which is the startup program of the personal computer. Therefore, the encrypted level-1 extended license thus produced forms a license peculiar to personal computer 50, and a copy thereof is meaningless for other devices.
License region 5215B in memory 5215 of licenseadministration device 520 is a record region formed of a tamperresistant module, which records the license at a high security level(level 2) ensuring the security by hardware. It includes entries of N innumber for recording the license (license key Kc, reproduction controlinformation ACp, access control information ACm and license ID).
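The level-1 unique encryption described above, tied to identifiers of the personal computer, as an added example in Python; it is not the patent's algorithm. The identifiers (a CPU serial string and a BIOS version string), the PBKDF2 key derivation and the encrypt-then-MAC construction are all assumptions. The example shows the property the text claims: the sealed extended license opens only on the machine whose identifiers produced the key, and a copy carried to another PC (or a modified copy) is rejected:

```python
"""Level-1 'unique encryption' of an extended license bound to the PC that
produced it. Added example, not the patent's algorithm: the identifiers, the
key derivation and the encrypt-then-MAC construction are assumptions."""
import hashlib
import hmac
import json
import os


def machine_key(cpu_serial, bios_version):
    """Derive the per-PC key from identifiers the module can read locally."""
    ident = (cpu_serial + "|" + bios_version).encode()
    return hashlib.pbkdf2_hmac("sha256", ident, b"level-1 extended license", 50_000, 32)


def _stream(key, nonce, n):
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), "sha256").digest()
    return out[:n]


def seal(key, extended_license):
    """Encrypt the extended license (license + check-out information) and tag it."""
    nonce = os.urandom(12)
    pt = json.dumps(extended_license, sort_keys=True).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    tag = hmac.new(key, nonce + ct, "sha256").digest()
    return nonce + ct + tag


def unseal(key, blob):
    """Return the extended license, or None if the key or the blob is wrong."""
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        return None
    pt = bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))
    return json.loads(pt.decode())


# Constructed sample values for two machines that differ only in CPU serial.
PC_A = machine_key("BFEBFBFF000906EA-0001", "F.21")
PC_B = machine_key("BFEBFBFF000906EA-0002", "F.21")
EXTENDED_LICENSE = {"transaction_id": "T1", "content_id": "song1",
                    "kc": "11" * 16, "acm": 255, "acp": 1,
                    "checkout": {"allowed": 3, "destinations": {}}}


def roundtrip():
    """Seal on PC A; open on PC A, on PC B, and after one ciphertext byte is flipped."""
    blob = seal(PC_A, EXTENDED_LICENSE)
    tampered = blob[:12] + bytes([blob[12] ^ 1]) + blob[13:]
    return unseal(PC_A, blob), unseal(PC_B, blob), unseal(PC_A, tampered)
```

The caveat a practitioner should keep in mind is the one the patent itself encodes in the word "level 1": CPU numbers and BIOS versions are readable by any process on the PC, so anyone running software on that machine can derive the same key. The binding defeats file copying to another device, not extraction on the original one; that is why the second embodiment moves the binding key into the hardware license administration device.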

The encrypted content data corresponding to the license administered bylicense administration device 520 is formed of content files 1531 and1534, which correspond to license administration files 1521 and 1524,respectively.

License administration files 1521 and 1524 include entry numbers 0 and1, respectively. These indicate the administration regions of thelicenses (license ID, license key Kc, access control information ACm andreproduction control information ACp) administered at license region5215B in memory 5215 of license administration device 520.

When encrypted content data of the file name recorded in content file 1531 is moved to memory card 110 attached to cellular phone 100 or reproduction terminal 102, a search is performed through content list file 150 to specify the content file and license administration file. By referring to the license administration file, it is possible to determine the place where the license for reproducing the encrypted content data is recorded. Since license administration file 1521 corresponding to content file 1531 includes the entry number “0”, the license for reproducing the encrypted content data of the file name recorded in content file 1531 is recorded at the region designated by entry number “0” in license region 5215B of memory 5215 of license administration device 520. Thereby, entry number “0” is read from license administration file 1521 recorded on hard disk 530 and is entered into license administration device 520, so that the license can be easily taken from license region 5215B in memory 5215 and shifted to memory card 110. After the license is shifted, the license of the designated entry number is deleted from license region 5215B of memory 5215 (see steps S454 and S466 in FIG. 22), so that “no license” is recorded, as is done in license administration file 1523 (see step S486 in FIG. 23).

License administration file 1523 includes “no license”. This resultsfrom the shift of the license received by license administration device520. Corresponding content file 1533 is still kept on hard disk 530.When the license is to be shifted again from memory card 110, or whenthe license distributed from distribution server 10 is to be receivedagain, it is possible to receive only the distributed license.

The encrypted content data corresponding to the license administered bylicense administration module 511 is formed of content files 1532 and1535. The license corresponding to these files are recorded as encryptedlevel-1 extended licenses in license administration files 1522 and 1525,respectively (see step S278 in FIG. 17). This is because the licenseadministration module 511 receives the encrypted content data and thelicense by software, and therefore the license is recorded as a file onhard disk 530 instead of writing it in license administration device520.

For example, when the encrypted content data of the file name recorded on content file 1533 is to be checked out to memory card 110 attached to reproduction terminal 102, a search is performed through content list file 150 to specify license administration files 1521 and 1523 corresponding to content files 1531 and 1533, and thereby the check-out information, license and others can be read from license administration files 1521 and 1523.

According to the invention, the encrypted content data and the licensereceived by license administration module 511 and the encrypted contentdata and the license received by license administration device 520 areadministered in the same format. Thus, the encrypted content data andthe license, which are received at different security levels (levels 1and 2), are administered with the uniform format. Thereby, even when theencrypted content data and the license are received at differentsecurity levels, respectively, the encrypted content data can be freelyreproduced without lowering the respective security levels whilesecuring the copyright.

FIG. 34 illustrates license region 1415B and data region 1415C in memory 1415 of memory card 110. In data region 1415C, there are recorded reproduction list file 160, content files 1611-161n and license administration files 1621-162n. The content files of n in number are registered in the reproduction list file. Each of content files 1611-161n includes encrypted content data {Dc}Kc and additional information Dc-inf, which are recorded therein as one file. License administration files 1621-162n are recorded corresponding to content files 1611-161n, respectively.

From the viewpoint of structure, data region 1415C in memory 1415 of memory card 110 corresponds to hard disk 530 in FIG. 33, and license region 1415B in memory 1415 of memory card 110 corresponds to license region 5215B in memory 5215 of license administration device 520. When viewed as files for storing respective data, reproduction list file 160 corresponds to content list file 150 in FIG. 33; the contents described therein are the same. In cellular phone 100 and reproduction terminal 102, each carrying memory card 110, reproduction list file 160 is referred to, and the reproduction is performed in the order of arrangement of the contents described in reproduction list file 160. A file for such a use is referred to as the reproduction list file. Content files 1611-161n are files storing encrypted content data {Dc}Kc and additional information Dc-inf, and their formats are the same as those of content files 1531-1535 in FIG. 33. By the operation of shift/copy or check-out from personal computer 50 to memory card 110, one of content files 1531-1535 stored in hard disk 530 of personal computer 50 is duplicated as it is to data region 1415C in memory 1415 of memory card 110. License administration files 1621-162n achieve the same functions as license administration files 1521-1525 in FIG. 33, and their formats are the same as those of license administration files 1521 and 1524, which correspond to the licenses administered by license administration device 520 in FIG. 33.

This is because memory card 110 is configured to administer the licensewith safety by effectively utilizing its features as the removal device,and therefore is configured to administer the license at the securitylevel ensuring the security by hardware. Therefore, the license sendingoperation “shift/copy” for sending from level 2 to level 2 and thelicense sending operation “check-out” for sending from level 1 to level2 are defined as the operations for sending the license from personalcomputer 50 to memory card 110.

License administration file 1622 is depicted by a dotted line. This represents that license administration file 1622 is not actually recorded. In the illustrated situation, content file 1612 is present but cannot be reproduced for lack of a license. This corresponds to the case where the reproduction terminal has received only the encrypted content data from another cellular phone.

Content file 1613 is depicted by a dotted line. This represents, for example, the case where the reproduction terminal has received the encrypted content data and the license from distribution server 10 and has sent only the encrypted content data thus received to another cellular phone. This means that the license is present in memory 1415 but the encrypted content data is not present therein.

According to the first embodiment, the content list file recorded on thehard disk of the personal computer administers the license of theencrypted content data, which are obtained at different security levels,while linking the respective licenses with the encrypted content data,respectively. Therefore, the license obtained at different securitylevels can be administered in the same format.

SECOND EMBODIMENT

In the first embodiment, which has been described, the encrypted contentdata and the license obtained from distribution server 10 or music CD 60by license administration module 511 of personal computer 50 are handledas the encrypted content data and the license with the security leveldifferent from that of the encrypted content data and the licenseobtained from distribution server 10 by license administration device520.

In a second embodiment, which will now be described, the encryptedcontent data and the license obtained from distribution server 10 ormusic CD 60 by license administration module 511 of personal computer 50are handled with a security level, which is close to a security level ofthe encrypted content data and the license received from distributionserver 10 by license administration device 520.

In the second embodiment, a binding key is employed for handling theencrypted content data and the license, which are obtained fromdistribution server 10 or music CD 60 by license administration module511, with a security level close to a security level of the encryptedcontent data and the license obtained from distribution server 10 bylicense administration device 520. Thereby, the encrypted content dataand the license obtained by the software (license administration module)can be sent to the personal computer provided with the licenseadministration device having the same function according to the conceptof “shift”.

For allowing the above, access control information ACm, which is described below, additionally includes a new security level allowing output of a license, and is formed of three items: the allowed reproduction times, the shift/copy flag and the security flag (1: level 1, 2: level 2). The security flag takes the value indicating the minimum level required of the receiver or destination for receiving the license. The security flag at level 2 (=2) represents that output is allowed only to the license administration device and the memory card, which hold the security by hardware and have the authentication data at level 2. The security flag at level 1 (=1) represents that the license can be provided to a receiver administering the license at a security level of one or higher, and thus to destinations at both levels 1 and 2.

Further, KPa holding unit 5214 of license administration device 520 holds public authentication keys KPa1 and KPa2 at the two levels, and selectively outputs them in accordance with the received authentication data. In the determination based on access control information ACm, the determination based on the security level is performed from the security flag in access control information ACm included in the license and the security level of the destination. The security level of the destination is determined from the authentication data provided by the destination.

FIG. 35 illustrates a binding license required for encrypting andadministering the encrypted content data and the license, which areobtained by the software (license administration module), in a mannerlinked with the license administration module for allowing shift toanother personal computer, and also illustrates check-out administrationinformation in the check-out session for checking out the encryptedcontent data and the license, which are obtained by the software, tomemory card 110.

The binding license is formed of the level-1 license for reproducing theencrypted content data, a binding key, which is a symmetric key forencrypting the information relating to the check-out of the license toachieve the soft tamper resistant module, control information ACmb andACpb for the binding license, a transaction IDb (i.e., a transaction IDfor the binding license), a content IDb (i.e., a dummy for binding ID),and a binding ID generally representing transaction IDb and content IDb.Thus, the binding license is prepared based on the premise that it isrecorded as the license in the license administration device, andtherefore has the same structure as the license.

Binding key Kb is used for administering the license of the encryptedcontent data obtained by the software, and is held by hardware. It isimpossible to take out the license without using binding key Kb held bythe hardware. Control information ACmb and ACpb correspond toinformation ACm and ACp included in the license for reproducing theencrypted content data, and take the fixed values, respectively.According to information ACmb, the allowed reproduction times are notrestricted (=255), the shift/copy flag inhibits the copy (=0), and thesecurity flag indicates level 1 (=1). According to information ACpb, thereproduction period is not restricted.

The check-out administration information is formed of the allowedcheck-out times, check-out destination unique ID, and a check-outtransaction ID (i.e., transaction ID at the time of the check-out). Theallowed check-out times represent the allowed times of the check-out ofthe encrypted content data, and are decremented by one upon everycheck-out of the encrypted content data. The check-out destinationunique ID is identification information for specifying the memory card,to which the encrypted content data is to be checked out, and individualpublic encryption key KPmcx held by the memory card corresponds to thischeck-out destination unique ID. The check-out transaction ID is atransaction ID for local use at the time of performing the check-out.
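The three-item access control information ACm of the second embodiment and the fixed ACmb of the binding license, as an added example in Python that is not code from the patent. The three-byte layout, the function names and the treatment of shift/copy flag values other than 0 as "copy allowed" are assumptions; only the value 0 (copy inhibited) and the meaning of the security flag are taken from the text. The example decides, for a license and a destination whose level has been determined from its authentication data, whether the license may be output at all:

```python
"""Access control information ACm of the second embodiment and the fixed
ACmb of the binding license. Added example; the three-byte layout and the
function names are assumptions. Only the value 0 of the shift/copy flag
(copy inhibited) is taken from the page; other values are treated as
'copy allowed' here."""
from dataclasses import dataclass

UNRESTRICTED = 255          # allowed reproduction times value meaning 'no limit'


@dataclass(frozen=True)
class ACm:
    allowed_times: int      # 0..254 remaining reproductions, or UNRESTRICTED
    shift_copy: int         # 0 = copy inhibited (shift only)
    security: int           # 1 or 2: minimum security level of a receiver

    def encode(self):
        return bytes([self.allowed_times, self.shift_copy, self.security])

    @classmethod
    def decode(cls, raw):
        """Parse a three-byte ACm; reject anything but levels 1 and 2."""
        if len(raw) != 3 or raw[2] not in (1, 2):
            raise ValueError("malformed ACm")
        return cls(raw[0], raw[1], raw[2])


# Binding license: reproduction not restricted, copy inhibited, security flag level 1.
ACMB = ACm(UNRESTRICTED, 0, 1)


def may_output(acm, dest_level, copy=False):
    """Decide whether a license carrying `acm` may be sent to a receiver at
    `dest_level` (1 = software module, 2 = hardware device or memory card).
    `copy` is True for a copy operation, False for a shift or check-out.
    Returns (allowed, reason)."""
    if dest_level < acm.security:
        return False, "destination level %d below security flag %d" % (dest_level, acm.security)
    if copy and acm.shift_copy == 0:
        return False, "copy inhibited; shift only"
    return True, "ok"
```

The asymmetry the flag encodes is the whole point of the second embodiment: a level-2 license received by the hardware device can never be handed to a software module, while the binding license (ACmb, security flag 1) may be shifted to a PC that is either at level 1 or equipped with a level-2 device, but, with its shift/copy flag at 0, never duplicated.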

Description will now be given on operations in respective sessions ofthe data distribution systems shown in FIGS. 1 and 2 according to thesecond embodiment.

[Initialization]

Initialization is performed as follows before personal computer 50receives the encrypted content data and the license distributed fromdistribution server 10.

FIGS. 36-38 are first to third flow charts for illustrating theinitialization, which is performed before personal computer 50 receivesthe encrypted content data and the license from distribution server 10,respectively.

Referring to FIG. 36, when a request for production of a binding license is entered via keyboard 560 (step S900), license administration module 511 produces binding key Kb (step S902), and then produces transaction IDb, content IDb and predetermined control information ACmb and ACpb (step S904). The processing in steps S902 and S904 is performed for producing the binding license.

License administration module 511 instructs license administration device 520 to output authentication data via bus BS2 (step S906).

Thereby, controller 5220 of license administration device 520 receives the instruction for output of the authentication data via terminal 5226, interface 5224 and bus BS5, obtains authentication data {KPm7//Cm7}KPa2 from authentication data holding unit 5200 via bus BS5, and outputs authentication data {KPm7//Cm7}KPa2 via bus BS5, interface 5224 and terminal 5226 (step S908). License administration module 511 receives authentication data {KPm7//Cm7}KPa2 via bus BS2 (step S910), and decrypts authentication data {KPm7//Cm7}KPa2 with public authentication key KPa2 at level 2 (step S912).

License administration module 511 performs the authentication processing based on the result of the decryption, determining whether the processing was performed correctly, and thus whether it has received authentication data encrypted by a regular system for certifying its validity, in order to authenticate that license administration device 520 holds class public encryption key KPm3 and class certificate Cm3 provided from the regular license administration module (step S914). When it is determined that the regular authentication data is received, license administration module 511 approves and accepts class public encryption key KPm7 and class certificate Cm7. Then, the operation moves to a next step S916. When the authentication data is not valid, license administration module 511 does not approve class public encryption key KPm7 and class certificate Cm7, and the processing ends without accepting these keys (step S958).

When it is determined from the result of the authentication processing that a regular device is used, the encrypted CRL recorded on hard disk 530 is read and decrypted for determining whether class certificate Cm7 of license administration device 520 is listed in certificate revocation list CRL administered by the license administration module. When class certificate Cm7 is listed in certificate revocation list CRL, the initialization is terminated at this stage (step S958).

When class certificate Cm7 of license administration device 520 is not listed in certificate revocation list CRL, the processing moves to a next step (step S916).

When it is determined from the result of the authentication processing that the access is made from a license administration device having the regular authentication data, and the class certificate is not listed in certificate revocation list CRL, license administration module 511 produces a session key Ks2 a (step S918).

Referring to FIG. 37, license administration module 511 encrypts session key Ks2 a with class public encryption key KPm7 to produce encrypted data {Ks2 a}Km7 (step S920), and provides encrypted data {Ks2 a}Km7 to license administration device 520 via bus BS2 (step S922). Controller 5220 of license administration device 520 receives encrypted data {Ks2 a}Km7 via terminal 5226, interface 5224 and bus BS5, and decryption processing unit 5222 decrypts encrypted data {Ks2 a}Km7 with class private decryption key Km7 provided from Km holding unit 5221, and accepts session key Ks2 a (step S924). In response to acceptance of session key Ks2 a, controller 5220 controls session key generating unit 5218 to generate a session key Ks2 b. Thereby, session key generating unit 5218 generates session key Ks2 b (step S926), and controller 5220 obtains update date/time CRLdate of certificate revocation list CRL from CRL region 5215A in memory 5215 via bus BS5, and provides the update date/time CRLdate thus obtained to selector switch 5246 via bus BS5 (step S928). Thereby, encryption processing unit 5206 encrypts individual public encryption key KPmc8 and update date/time CRLdate with session key Ks2 a provided from decryption processing unit 5222. Controller 5220 outputs encrypted data {Ks2 b//KPmc8//CRLdate}Ks2 a on bus BS5 via interface 5224 and terminal 5226 (step S930).

License administration module 511 receives encrypted data {Ks2 b//KPmc8//CRLdate}Ks2 a via bus BS2, and decrypts encrypted data {Ks2 b//KPmc8//CRLdate}Ks2 a with session key Ks2 a to accept session key Ks2 b, individual public encryption key KPmc8 and update date/time CRLdate (step S932). License administration module 511 encrypts the binding license (transaction IDb, content IDb, binding key Kb and control information ACmb and ACpb) produced in steps S12 and S14 with individual public encryption key KPmc8 to produce encrypted data {transaction IDb//content IDb//Kb//ACmb//ACpb}Kmc8 (step S934).

Referring to FIG. 38, license administration module 511 performs a comparison between update date/time CRLdate of the certificate revocation list sent from license administration device 520 and the update date/time of certificate revocation list CRL, which is held on hard disk 530 in the encrypted form and is administered by license administration module 511, for determining the newer certificate revocation list. When certificate revocation list CRL of license administration device 520 is newer than the other, the operation moves to a step S48. When certificate revocation list CRL of license administration module 511 is newer than the other, the operation moves to a step S52 (step S936).

When it is determined that certificate revocation list CRL of license administration device 520 is newer than the other, license administration module 511 encrypts encrypted data {transaction IDb//content IDb//Kb//ACmb//ACpb}Kmc8 with session key Ks2 b generated by license administration device 520 to provide encrypted data {{transaction IDb//content IDb//Kb//ACmb//ACpb}Kmc8}Ks2 b to license administration device 520 via bus BS2 (step S938).

Controller 5220 of license administration device 520 receives encrypted data {{transaction IDb//content IDb//Kb//ACmb//ACpb}Kmc8}Ks2 b via terminal 5226 and interface 5224, and decrypts it with session key Ks2 b generated by session key generating unit 5218 to accept encrypted data {transaction IDb//content IDb//Kb//ACmb//ACpb}Kmc8 (step S940). Thereafter, the operation moves to a step S950.

When license administration module 511 determines that certificate revocation list CRL of license administration module 511 is newer than the other, license administration module 511 obtains the portion of certificate revocation list CRL administered by license administration module 511 that was updated after update date/time CRLdate, for updating certificate revocation list CRL held by license administration device 520 (step S942).

License administration module 511 encrypts differential CRL of the certificate revocation list and encrypted data {transaction IDb//content IDb//Kb//ACmb//ACpb}Kmc8 with session key Ks2 b produced by license administration device 520, and provides encrypted data {differential CRL//{transaction IDb//content IDb//Kb//ACmb//ACpb}Kmc8}Ks2 b to license administration device 520 via bus BS2 (step S944).

Controller 5220 of license administration device 520 controls decryption processing unit 5212 to decrypt the received data, which is provided onto bus BS5 via terminal 5226 and interface 5224. Decryption processing unit 5212 decrypts the received data on bus BS5 with session key Ks2 b provided from session key generating unit 5218, and provides the result onto bus BS5 (step S946).

In this stage, bus BS5 is supplied with encrypted data {transaction IDb//content IDb//Kb//ACmb//ACpb}Kmc8, which can be decrypted with individual private decryption key Kmc8 held by Kmc holding unit 5202, and differential CRL (step S946). In accordance with the instruction of controller 5220, differential CRL is added to certificate revocation list CRL held in CRL region 5215A of memory 5125 for updating it (step S948).

The operations in steps S938 and S940 are performed for sending binding key Kb and others to license administration device 520 when certificate revocation list CRL of license administration device 520 on the receiver side is newer than certificate revocation list CRL of license administration module 511 on the sender side. The operations in steps S942, S944, S946 and S948 are performed for sending binding key Kb and others to license administration device 520 when certificate revocation list CRL of license administration module 511 on the sender side is newer than certificate revocation list CRL of license administration device 520 on the receiver side. In this manner, a comparison is made using update date/time CRLdate of the certificate revocation list sent from license administration device 520, and differential CRL, which is the differential data of the certificate revocation list, is obtained from hard disk 530 and is sent to license administration device 520 when certificate revocation list CRL on the receiver side is older than certificate revocation list CRL on the sender side. Thereby, the latest certificate revocation list CRL can always be held.
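The CRL reconciliation just described (steps S936 to S948) reduces to a date comparison followed, when the sender is newer, by sending only the entries added after the receiver's CRLdate. The following is an added illustration, not code from the patent: it assumes a CRL is a list of (update date/time, revoked class certificate) pairs in chronological order with ISO-8601 timestamps, and it treats equal dates as "license only", which the text does not state explicitly.

```python
# Constructed sample CRL held by license administration module 511 (oldest first).
MODULE_CRL = [
    ("2003-01-10T00:00:00", "Cm-revoked-A"),
    ("2003-03-05T00:00:00", "Cm-revoked-B"),
    ("2003-06-20T00:00:00", "Cm-revoked-C"),
]


def crl_update_date(crl):
    """CRLdate: the date/time of the newest entry (empty string for an empty list)."""
    return crl[-1][0] if crl else ""


def plan_transfer(sender_crl, receiver_crl_date):
    """Step S936: compare the receiver's CRLdate with the sender's CRL.
    Returns ("license_only", None) when the receiver is at least as new (steps S938/S940),
    otherwise ("license_and_differential", diff) with the entries added after
    receiver_crl_date (steps S942-S948). The tie case is an assumption."""
    if receiver_crl_date >= crl_update_date(sender_crl):
        return "license_only", None
    differential = [entry for entry in sender_crl if entry[0] > receiver_crl_date]
    return "license_and_differential", differential


def apply_differential(receiver_crl, differential):
    """Step S948: add the differential to the receiver's CRL region, skipping duplicates."""
    merged = list(receiver_crl)
    for entry in differential:
        if entry not in merged:
            merged.append(entry)
    return sorted(merged)


def is_revoked(crl, class_certificate):
    """The listing check performed at steps S914-S916 (module side) and S1010-S1012 (device side)."""
    return any(cert == class_certificate for _, cert in crl)
```

Because the differential is computed strictly after the receiver's CRLdate, a receiver that already holds the newest entry never receives anything it cannot verify against its own date, and a receiver that is behind always ends up with the sender's full list.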

After step S940 or S948, decryption processing unit 5204 decrypts encrypted data {transaction IDb//content IDb//Kb//ACmb//ACpb}Kmc8 with private decryption key Kmc8 in accordance with the instruction of controller 5220, so that the binding license (binding key Kb, transaction IDb, content IDb, and control information ACm and ACp) is accepted (step S950).

License administration module 511 provides the entry number “0” for storing the binding license to license administration device 520 (step S952), and controller 5220 of license administration device 520 receives entry number “0” via terminal 5226, interface 5224 and bus BS5, and stores the binding license (transaction IDb, content IDb, binding key Kb, and control information ACm and ACp) at the region designated by the received entry number “0” in license region 5215B of memory 5215 (step S954).

License administration module 511 confirms the region in license administration device 520 for recording binding key Kb, and makes preparations for registration through the series of operations from step S906 in FIG. 36 to step S932 in FIG. 37. This processing is referred to as “device confirming processing”. The series of operations performed for storing binding key Kb in license region 5215B of license administration device 520, from step S934 in FIG. 37 to step S954 in FIG. 38, is referred to as “binding key registering processing”.

License administration module 511 produces plaintext of a private file including no private information (level-1 license and check-out information), produces an encrypted private file 160 by encrypting the private file with binding key Kb, and records encrypted private file 160 on hard disk 530 (step S956). Thereby, the initializing operation is completed (step S958).

In the initializing operation, as described above, license administration module 511 of personal computer 50 produces the binding license, stores the binding license at the region designated by the entry number “0” in license region 5215B of memory 5215 of license administration device 520, and produces encrypted private file 160 by encrypting the private file with binding key Kb included in the binding license thus produced. Encrypted private file 160 is used for storing the license received from distribution server 10 by license administration module 511. By encrypting the private file with binding key Kb, it becomes impossible to take out the license from encrypted private file 160 without binding key Kb. Therefore, binding key Kb functions as a symmetric key for administering the license of the encrypted content data. Since binding key Kb is stored in memory 5215 of license administration device 520, binding key Kb can be administered by hardware. This results in that the license of the encrypted content data, which is administered in a software manner by encrypted private file 160 recorded on hard disk 530, is administered by hardware via binding key Kb. As will be described later, therefore, the encrypted content data and the license received by software can be shifted to another personal computer 80.

[Distribution 3]

In the second embodiment, the operation of distributing the encrypted content data and the license requiring the security level of level 2 to license administration device 520 is the same as the operation according to the flow charts of FIGS. 10-13 in the distribution 1 of the first embodiment.

FIGS. 39-43 are first to fifth flow charts illustrating the operation according to the second embodiment, and particularly the operation for distributing the encrypted content data and the license from distribution server 10 to license administration module 511 of personal computer 50 in the data distribution systems shown in FIGS. 1 and 2. This operation is referred to as “distribution 3”.

The flow charts of FIGS. 39-43 are the same as the flow charts of FIGS. 14 to 17 except that steps S264 and S266 in the flow charts of FIGS. 14-17 are replaced with steps S1000-S1040.

Referring to FIG. 41, after step S262, license administration module 511 determines whether received access control information ACm restricts the allowed reproduction times or not (step S1000). When the allowed reproduction times are not restricted (=255), the operation moves to a step S1002. When the allowed reproduction times are restricted (≠255), the operation moves to a step S1004. When the allowed reproduction times are not restricted, license administration module 511 produces check-out information, which includes the allowed check-out times for checking out the encrypted content data and the license received from distribution server 10 to another device (step S1002). In this case, the initial value of the allowed check-out times is set to three. When the allowed reproduction times are restricted, license administration module 511 produces check-out information in which the allowed check-out times for checking out the encrypted content data to another device are set to zero (step S1004). The processing in step S1004 is performed because the allowed reproduction times cannot be administered by the check-out.

Referring to FIG. 42, after step S1002 or S1004, license administration module 511 provides authentication data {KPm5//Cm5}KPa1 to license administration device 520 via bus BS2 (step S1006). In license administration device 520, which receives authentication data {KPm5//Cm5}KPa1 from license administration module 511, decryption processing unit 5208 receives authentication data {KPm5//Cm5}KPa1, receives public authentication key KPa1 at level 1 from KPa holding unit 5214 based on authentication data {KPm5//Cm5}KPa1, and decrypts authentication data {KPm5//Cm5}KPa1 with the received public authentication key KPa1 at level 1 (step S1008).

Controller 5220 performs the authentication processing based on the result of the decryption processing in decryption processing unit 5208, and particularly determines whether the processing was performed correctly, and thus whether decryption processing unit 5208 has received authentication data encrypted by the regular system for certifying the validity of class public encryption key KPm5 and class certificate Cm5 (step S1010). When it is determined that the regular authentication data is received, controller 5220 approves and accepts class public encryption key KPm5 and class certificate Cm5. Then, the processing moves to a next step S1012. When the authentication data is not valid, class public encryption key KPm5 and class certificate Cm5 are not approved, and the processing ends without accepting these keys (step S288).

When it is determined from the authentication processing that the regular authentication data is received, controller 5220 then refers to CRL region 5215A of memory 5215 to determine whether class certificate Cm5 of license administration module 511 is listed in certificate revocation list CRL or not. When this class certificate is listed in the certificate revocation list, the distribution session ends (step S288).

When the class certificate of license administration module 511 is not listed in the certificate revocation list, the operation moves to a next step (step S1012).

When it is determined from the authentication processing that the access is made from license administration module 511 having the valid authentication data, and the class is not listed in the certificate revocation list, session key generating unit 5208 in license administration device 520 produces session key Ks2 a (step S1014), and encryption processing unit 5210 encrypts session key Ks2 a with class public encryption key KPm5 to provide encrypted data {Ks2 a}Km5 (step S1016).

Controller 5220 provides encrypted data {Ks2 a}Km5 via bus BS5, interface 5224 and terminal 5226, and license administration module 511 receives encrypted data {Ks2 a}Km5 via bus BS2, and decrypts encrypted data {Ks2 a}Km5 with class private decryption key Km5 to accept session key Ks2 a (step S1018). License administration module 511 produces session key Ks2 b (step S1020), and encrypts session key Ks2 b with session key Ks2 a to provide encrypted data {Ks2 b}Ks2 a to license administration device 520 via bus BS2 (step S1022).

Controller 5220 of license administration device 520 receives encrypted data {Ks2 b}Ks2 a via terminal 5226, interface 5224 and bus BS5, and decryption processing unit 5212 decrypts encrypted data {Ks2 b}Ks2 a with session key Ks2 a generated by session key generating unit 5208 to accept session key Ks2 b (step S1024). Thereby, license administration module 511 provides the entry number “0” to license administration device 520 (step S1026), and controller 5220 of license administration device 520 receives the entry number “0” via terminal 5226, interface 5224 and bus BS5. Controller 5220 obtains the binding license (transaction IDb, content IDb, binding key Kb, and control information ACmb and ACpb) stored at the region designated by the entry number “0” in license region 5215B of memory 5215 (step S1028). Controller 5220 determines based on control information ACmb whether the binding license is valid or not. When it is not valid, the operation moves to step S288, and the distribution session ends. “Valid” means that the allowed reproduction times in control information ACmb are not zero, and that the processing is authenticated with public authentication key KPa1 at level 1 so that the security level of control information ACmb is level 1.

When the binding license is valid, the operation moves to a step S1032 (step S1030).

In step S1030, when it is determined that the binding license is valid, encryption processing unit 5206 encrypts binding key Kb and control information ACpb obtained via selector switch 5246 with session key Ks2 b, which is decrypted by decryption processing unit 5212 and is obtained via switch 5242, and thereby provides encrypted data {Kb//ACpb}Ks2 b (step S1032).

Referring to FIG. 43, controller 5220 provides encrypted data {Kb//ACpb}Ks2 b via bus BS5, interface 5224 and terminal 5226, and license administration module 511 receives encrypted data {Kb//ACpb}Ks2 b via bus BS2, and decrypts encrypted data {Kb//ACpb}Ks2 b with session key Ks2 b to obtain binding key Kb and control information ACpb (step S1034).

The series of processing from step S1006 to step S1034 is performed for obtaining binding key Kb from license administration device 520, and is generally referred to as “binding key obtaining processing”.

License administration module 511 obtains encrypted private file 160 from hard disk 530, and decrypts encrypted private file 160 with binding key Kb to obtain plaintext of a private file (step S1036). Thereby, license administration module 511 adds, as private information n, the license (transaction ID, content ID, license key Kc, access control information ACm and reproduction control information ACp) accepted from distribution server 10 and the check-out information produced in step S1002 or S1004 to the plaintext of the private file (step S1038). Thereafter, license administration module 511 encrypts the plaintext of the private file with binding key Kb again, and provides encrypted private file 160 thus prepared to update encrypted private file 160 recorded on hard disk 530 (step S1040). Thereafter, the operation moves to step S268, and steps S268-S288 are executed.

As described above, license administration module 511 transmits the data by software to and from distribution server 10, and receives the encrypted content data and the license by software from distribution server 10. License administration module 511 records the encrypted content data received thereby on hard disk 530, writes the license as private information n into the private file, encrypts the private file with binding key Kb, and stores the license in encrypted private file 160. Binding key Kb for decrypting encrypted private file 160 is held by license administration device 520. The security level of reception of the encrypted content data and the license by license administration module 511 is lower than that of reception of the encrypted content data and the license by license administration device 520, but is close to the latter in view of the fact that the record administration is not linked with personal computer 50.
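The initialization (steps S902 to S956) and the private file update of distribution 3 (steps S1000 to S1040) share one mechanism: the private file on the hard disk is opaque unless binding key Kb is released by the hardware, and the hardware releases it only while the binding license at entry “0” is valid. The following is an added illustration covering both passages; it is not the patent's code. It assumes a dictionary-backed stand-in for license administration device 520 (the real device's authentication and session-key exchange are omitted), and uses HMAC-SHA256 in counter mode with an HMAC tag as a stand-in for the symmetric cipher the text leaves unspecified, so that a wrong key or a modified file is detected rather than silently yielding garbage.

```python
import hashlib
import hmac
import json
import os

UNRESTRICTED = 255          # allowed reproduction times "not restricted" (=255)
INITIAL_CHECKOUT_TIMES = 3  # initial allowed check-out times (step S1002)


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode (stand-in for the unspecified cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(key, plaintext):
    """Encrypt-then-MAC under binding key Kb: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key, blob):
    """Verify the tag before decrypting; a wrong key or a modified file is rejected."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("private file tampered or wrong binding key")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def can_open(key, blob):
    try:
        unseal(key, blob)
        return True
    except ValueError:
        return False


class LicenseAdministrationDevice:
    """Constructed stand-in for the hardware side: a license region keyed by entry number."""

    def __init__(self):
        self.license_region = {}

    def register_binding_license(self, binding_license):
        self.license_region["0"] = binding_license          # step S954: entry number "0"

    def obtain_binding_key(self):
        """Steps S1028-S1032: release Kb and ACpb only while the binding license is valid,
        i.e. the allowed reproduction times in ACmb are non-zero and the security level is 1."""
        bl = self.license_region["0"]
        acmb = bl["ACmb"]
        if acmb["reproduction_times"] == 0 or acmb["security_level"] != 1:
            raise PermissionError("binding license not valid")
        return bl["Kb"], bl["ACpb"]


def initialize(device):
    """Steps S902-S956: produce the binding license, register it in the device,
    and return encrypted private file 160 holding no private information yet."""
    kb = os.urandom(32)
    binding_license = {
        "transaction_IDb": "TIDb-constructed", "content_IDb": "CIDb-dummy", "Kb": kb,
        "ACmb": {"reproduction_times": UNRESTRICTED, "shift_copy": 0, "security_level": 1},
        "ACpb": {"reproduction_period": "unrestricted"},
    }
    device.register_binding_license(binding_license)
    return seal(kb, json.dumps({"private": []}).encode())


def add_license(device, encrypted_private_file, license_):
    """Steps S1000-S1040: derive the check-out information from ACm, fetch Kb from the
    device, decrypt the private file, append private information n and re-encrypt.
    Returns the updated encrypted private file and the private information number n."""
    unrestricted = license_["ACm"]["reproduction_times"] == UNRESTRICTED
    checkout_info = {"allowed_checkout_times": INITIAL_CHECKOUT_TIMES if unrestricted else 0,
                     "destination_unique_id": None, "checkout_transaction_id": None}
    kb, _acpb = device.obtain_binding_key()
    private_file = json.loads(unseal(kb, encrypted_private_file))
    private_file["private"].append({"license": license_, "checkout": checkout_info})
    n = len(private_file["private"]) - 1
    return seal(kb, json.dumps(private_file).encode()), n


def read_private_information(device, encrypted_private_file, n):
    """Steps S1230/S1232: open the private file with Kb and return private information n."""
    kb, _acpb = device.obtain_binding_key()
    return json.loads(unseal(kb, encrypted_private_file))["private"][n]
```

Note that nothing in the software side ever stores Kb persistently: every operation asks the device for it, which is what lets the text later claim that the file and its licenses follow the hardware rather than the personal computer. The license dictionaries use strings for Kc so the file can be serialised as JSON; that is a choice of this illustration.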

[Ripping]

FIGS. 44-46 are first to third flow charts, respectively, illustrating a ripping operation according to the second embodiment. The flow charts of FIGS. 44-46 are the same as the flow chart of FIG. 19 except that steps S304-S312 in the flow chart of FIG. 19 are replaced with steps S1100-S1144, and steps S322 and S324 are replaced with steps S1146-S1150.

Referring to FIG. 44, when it is determined in step S302 that the copy conditions in the rules of use do not restrict the copy, the processing in step S1102 is performed. When it is determined that the copy conditions allow a first-generation copy, the processing in step S1100 is performed. When it is determined that the copy conditions do not allow the copy, the copy is inhibited, and the operation moves to step S328 to terminate the ripping operation. When a loaded CD does not contain a watermark and the rules of use are not obtained, the operation moves to a step S1106.

In step S302, when the copy conditions of the rules of use allow the first-generation copy, license administration module 511 replaces the watermark contained in the obtained music data with a watermark in which the copy conditions in the rules of use are changed to inhibit the copy (step S110). The operation then moves to step S102. When the detected rules of use allow the copy, license administration module 511 produces access control information ACm and reproduction control information ACp reflecting the rules of use (step S1102). If the copy is allowed according to the copy conditions, the shift/copy flag of access control information ACm is set to allow the shift/copy (i.e., to 3). If only the first-generation copy is allowed, the shift/copy flag is set to inhibit the shift/copy (i.e., to 0), because the ripping itself is the first-generation operation. Although no corresponding rules of use are present, the allowed reproduction times are not restricted, and the security level is set to level 1. Thereafter, license administration module 511 sets the allowed check-out times to a value reflecting the maximum check-out times according to the rules of use. When the maximum check-out times are not designated, the allowed check-out times are set to three. The check-out information including the allowed check-out times thus set is produced (step S1104).

When the watermark is not detected in step S302, and therefore it is determined that the rules of use are not present, license administration module 511 sets the shift/copy flag in access control information ACm to inhibit the shift/copy (i.e., to zero), sets the allowed reproduction times to be infinite (=255) and sets the security flag to level 1 (=1). Reproduction control information ACp is set to allow unrestricted reproduction (step S1106). Thereafter, license administration module 511 produces the check-out information including the allowed check-out times, whose initial value is equal to three (step S1108).

After step S1104 or S1108, license administration module 511 produces license key Kc based on a random number (step S1110), and produces a transaction ID and a content ID for local use (step S1112). Then, license administration module 511 performs the processing for obtaining the binding key. The series of processing from a step S1114 in FIG. 45 to a step S1142 in FIG. 46 is the binding key obtaining processing, and is the same as the series of processing from step S1006 in FIG. 42 to step S1034 in FIG. 43 illustrating the distribution processing of the distribution 3. Therefore, description of such processing is not repeated.

Referring to FIG. 46, license administration module 511, which obtained binding key Kb, obtains encrypted private file 160 from hard disk 530 via bus BS2, and decrypts encrypted private file 160 thus obtained with binding key Kb to obtain the plaintext of the private file (step S1144). Thereafter, steps S314, S316, S318 and S320 already described are executed.

After step S320, license administration module 511 adds, as private information n, the produced license (transaction ID, content ID, license key Kc, access control information ACm and reproduction control information ACp) and the check-out information produced in step S1104 or S1108 to the plaintext of the private file (step S1146). Thereafter, license administration module 511 encrypts the plaintext of the private file with binding key Kb, and updates encrypted private file 160 recorded on hard disk 530 by writing encrypted private file 160 thus prepared (step S1148). The license is stored in encrypted private file 160, and then license administration module 511 produces a license administration file for the content file (encrypted content data {Dc}Kc and additional information Dc-inf), which includes the private information number n of the private information stored in encrypted private file 160 as well as the plaintext of the transaction ID and content ID, and records it on hard disk 530 via bus BS2 (step S1150). Thereafter, the foregoing step S326 is executed, and the ripping operation ends (step S328).

As described above, the encrypted content data and the license can likewise be obtained by ripping from the music CD. The encrypted content data and the license obtained by ripping from the music CD are administered by license administration module 511 in the same manner as the encrypted content data and the level-1 license provided by distribution.
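The branch in steps S1100 to S1108 maps the CD's rules of use onto ACm, ACp and the check-out information, and it is the only place in the ripping flow where a decision depends on the watermark. The following is an added illustration of that mapping, not code from the patent. It assumes the rules of use are represented as a dictionary with a "copy_condition" of "free", "first_generation" or "inhibit" plus an optional "max_checkout_times" (constructed field names), with None standing for a CD in which no watermark was detected; the text does not say what ACp contains beyond "reflecting the rules of use", so it is filled with an unrestricted reproduction period here.

```python
SHIFT_COPY_ALLOWED = 3      # shift/copy flag value that allows shift/copy
SHIFT_COPY_INHIBITED = 0    # shift/copy flag value that inhibits shift/copy
UNRESTRICTED = 255          # allowed reproduction times not restricted
SECURITY_LEVEL_1 = 1
DEFAULT_CHECKOUT_TIMES = 3  # used when the rules of use name no maximum (step S1104/S1108)


def derive_license_controls(rules_of_use):
    """Steps S1100-S1108 of the ripping flow.

    rules_of_use is None when no watermark was detected, otherwise a dict with
    "copy_condition" in {"free", "first_generation", "inhibit"} and an optional
    "max_checkout_times" (constructed field names). Returns None when the ripping
    must stop because the copy is inhibited (step S328); otherwise a dict holding
    ACm, ACp, the check-out information and, for first-generation rules, the
    rewritten watermark that marks further copying as inhibited.
    """
    if rules_of_use is None:                        # no watermark: steps S1106/S1108
        return {
            "ACm": {"reproduction_times": UNRESTRICTED, "shift_copy": SHIFT_COPY_INHIBITED,
                    "security_level": SECURITY_LEVEL_1},
            "ACp": {"reproduction_period": "unrestricted"},
            "checkout": {"allowed_checkout_times": DEFAULT_CHECKOUT_TIMES},
            "rewritten_watermark": None,
        }

    condition = rules_of_use["copy_condition"]
    if condition == "inhibit":
        return None

    rewritten_watermark = None
    if condition == "first_generation":
        # Ripping is itself the first generation, so the watermark written into
        # the ripped data must inhibit any further copy, and so must ACm.
        rewritten_watermark = dict(rules_of_use, copy_condition="inhibit")
        shift_copy = SHIFT_COPY_INHIBITED
    elif condition == "free":
        shift_copy = SHIFT_COPY_ALLOWED
    else:
        raise ValueError(f"unknown copy condition: {condition!r}")

    return {                                        # steps S1102/S1104
        "ACm": {"reproduction_times": UNRESTRICTED, "shift_copy": shift_copy,
                "security_level": SECURITY_LEVEL_1},
        "ACp": {"reproduction_period": "unrestricted"},   # assumption, see lead-in
        "checkout": {"allowed_checkout_times":
                     rules_of_use.get("max_checkout_times", DEFAULT_CHECKOUT_TIMES)},
        "rewritten_watermark": rewritten_watermark,
    }
```

The unknown-condition branch raises rather than defaulting to an open flag: a watermark value the module does not understand should never be treated as permission to copy.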

[Check-Out]

In the data distribution systems shown in FIGS. 1 and 2, the encrypted content data and the license distributed from distribution server 10 to license administration module 511 of personal computer 50 are checked out to memory card 110 attached to reproduction terminal 102 by the following operation according to the second embodiment.

FIGS. 47-51 are first to fifth flow charts, respectively, of the check-out operation in the data distribution systems shown in FIGS. 1 and 2, and particularly illustrate the check-out operation in which license administration module 511 checks out the encrypted content data and the license received from distribution server 10 to memory card 110 attached to reproduction terminal 102 on the condition that these will be returned. Before the processing in FIG. 47, the user of personal computer 50 determines the content to be checked out in accordance with the content list file, specifies the content file and the license administration file on hard disk 530, and obtains the reproduction list file in memory card 110. The following description is based on the premise that the above operation is already performed.

Referring to FIG. 47, when a check-out request is entered via keyboard 560 of personal computer 50 (step S1200), license administration module 511 performs the binding key obtaining processing. The series of processing from step S1201 in FIG. 47 to a step S1228 in FIG. 48 is the binding key obtaining processing, and is the same as the series of processing from step S1006 in FIG. 42 to step S1034 in FIG. 43 illustrating the distribution 3. Therefore, description thereof is not repeated.

Referring to FIG. 48, license administration module 511, which obtained binding key Kb, obtains encrypted private file 160 from hard disk 530 via bus BS2, and decrypts encrypted private file 160 with binding key Kb to obtain the plaintext of the private file (step S1230). Thereafter, license administration module 511 obtains private information n (transaction ID, content ID, license key Kc, access control information ACm and reproduction control information ACp) in the private file corresponding to private information number n recorded in the license administration file (step S1232).

Thereby, license administration module 511 determines, based on access control information ACm thus obtained, whether the check-out of the license is allowed or not (step S1234). That is, license administration module 511 determines whether the license to be checked out to memory card 110 attached to reproduction terminal 102 can be reproduced without a restriction on the reproduction times imposed by the allowed reproduction times in access control information ACm, and also determines whether reproduction by this license is impossible. When the allowed reproduction times are restricted, the encrypted content data and the license are not checked out.

When the reproduction is restricted in step S1234, the operation moves to a step S1326, and the check-out operation ends. When the allowed reproduction times of the encrypted content data are smaller than the restricted times in access control information ACm, the operation moves to a step S1236. License administration module 511 determines whether the allowed check-out times included in the obtained check-out information are larger than zero or not (step S1236). When the allowed check-out times are equal to zero in step S1236, there is no license allowing check-out, so the operation moves to step S1326, and the check-out operation ends. When the allowed check-out times are larger than zero in step S1236, license administration module 511 sends a request for sending of the authentication data via USB interface 550, terminal 580 and USB cable 70 (step S1238). Controller 1106 of reproduction terminal 102 receives the request for the authentication data via terminal 1114, USB interface 1112 and bus BS3, and sends the received request for the authentication data to memory card 110 via bus BS3 and memory card interface 1200. Controller 1420 of memory card 110 receives the request for the authentication data via terminal 1426, interface 1424 and bus BS4 (step S1240).
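Steps S1234 and S1236 are the admission control for a check-out: the license must be unrestricted in its reproduction times and the check-out administration information must still have allowed check-out times left, and the later step S1252 requires a check-out transaction ID that collides with none stored on the card. The following is an added illustration of those checks and of the bookkeeping that follows a successful check-out; it is not the patent's code. It assumes the dictionary shapes used for ACm and the check-out information above, a set of transaction IDs read from the memory card, and a set of revoked class certificates standing in for the CRL lookup of step S1250.

```python
import secrets

UNRESTRICTED = 255   # allowed reproduction times "not restricted"


def check_out_allowed(acm, checkout_info, card_class_certificate, revoked_certificates):
    """Steps S1234, S1236 and S1250 in one place. Returns (ok, reason)."""
    if acm["reproduction_times"] != UNRESTRICTED:
        return False, "allowed reproduction times are restricted (step S1234)"
    if checkout_info["allowed_checkout_times"] <= 0:
        return False, "no allowed check-out times remain (step S1236)"
    if card_class_certificate in revoked_certificates:
        return False, "memory card class certificate is listed in CRL (step S1250)"
    return True, "ok"


def new_checkout_transaction_id(card_transaction_ids,
                                generate=lambda: "CO-" + secrets.token_hex(8)):
    """Step S1252: a local transaction ID that differs from every ID stored on the card.
    `generate` is injectable so the choice can be made deterministic in a test."""
    for _ in range(1000):
        tid = generate()
        if tid not in card_transaction_ids:
            return tid
    raise RuntimeError("could not find an unused check-out transaction ID")


def record_check_out(checkout_info, destination_unique_id, checkout_transaction_id):
    """Update the check-out administration information after a check-out: decrement
    the allowed check-out times and remember the destination card and the transaction
    ID so that the later return can be matched against it."""
    if checkout_info["allowed_checkout_times"] <= 0:
        raise ValueError("no allowed check-out times remain")
    return {
        "allowed_checkout_times": checkout_info["allowed_checkout_times"] - 1,
        "destination_unique_id": destination_unique_id,
        "checkout_transaction_id": checkout_transaction_id,
    }
```

`record_check_out` re-checks the counter rather than trusting that `check_out_allowed` was called first, so the two functions can be used independently without the counter ever going negative.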

When controller 1420 receives the request for the authentication data, it reads out authentication data {KPm3//Cm3}KPa2 from authentication data holding unit 1400 via bus BS4, and provides authentication data {KPm3//Cm3}KPa2 thus read to reproduction terminal 102 via bus BS4, interface 1424 and terminal 1426. Controller 1106 of reproduction terminal 102 receives authentication data {KPm3//Cm3}KPa2 via memory card interface 1200 and bus BS3, and sends authentication data {KPm3//Cm3}KPa2 to personal computer 50 via bus BS3, USB interface 1112, terminal 1114 and USB cable 70 (step S1242).

Thereby, license administration module 511 of personal computer 50 receives authentication data {KPm3//Cm3}KPa2 via terminal 580 and USB interface 550 (step S1244), and decrypts authentication data {KPm3//Cm3}KPa2 thus received with public authentication key KPa2 at level 2 (step S1246).

Referring to FIG. 49, license administration module 511 performs the authentication processing based on the result of the decryption, determining whether the processing was performed correctly, and thus whether it has received authentication data encrypted by a regular system for certifying its validity, in order to authenticate that memory card 110 holds class public encryption key KPm3 and class certificate Cm3 provided from the regular memory card (step S1248). When it is determined that the authentication data is valid, license administration module 511 approves and accepts class public encryption key KPm3 and class certificate Cm3. Then, the processing in a step S1250 is performed. When the authentication data is not valid, license administration module 511 does not approve class public encryption key KPm3 and class certificate Cm3, and the processing ends without accepting them (step S1326).

When it is determined that it is the regular memory card, licenseadministration module 511 then obtains and decrypts encrypted CRLrecorded on hard disk 530 for determining whether class certificate Cm3of memory card 110 is listed in certificate revocation list CRL or not.When class certificate Cm3 is listed in the certificate revocation list,the check-out operation ends (step S1326). When the class certificate ofmemory card 110 is not listed in the certificate revocation list, nextprocessing is performed (step S1250).

When it is determined from a result of the authentication processingthat the access is made from the reproduction terminal provided with thememory card having valid authentication data, and the class is notlisted in the certificate revocation list, license administration module511 produces check-out transaction ID, which is used for specifying thecheck-out and takes a value different from those of all the transactionID stored in memory card 110, as a transaction ID for a local use (stepS1252). License administration module 511 produces session key Ks2 b forthe check-out (step S1254), and encrypts session key Ks2 b thus producedwith class public encryption key KPm3 sent from memory card 110 (stepS1256). License administration module 511 sends check-out transactionID//{Ks2 b}Km3, which is produced by adding check-out transaction ID toencrypted data {Ks2 b}Km3, to reproduction terminal 102 via USBinterface 550, terminal 580 and USB cable 70 (step S1258). Thereby,controller 1106 of reproduction terminal 102 receives check-outtransaction ID//{Ks2 b}Km3 via terminal 1114, USB interface 1112 and busBS3, and sends check-out transaction ID//{Ks2 b}Km3 thus received tomemory card 110 via memory card interface 1200. Controller 1420 ofmemory card 110 receives check-out transaction ID//{Ks2 b}Km3 viaterminal 1426, interface 1424 and bus BS4 (step S1260). Decryptionprocessing unit 1422 receives encrypted data {Ks2 b}Km3 via bus BS4 fromcontroller 1420, and decrypts encrypted data {Ks2 b}Km3 with classprivate decryption key Km3 provided from Km holding unit 1421 to acceptsession key Ks2 b (step S1262). Session key generating unit 1418produces a session key Ks2 c (step S1264), and controller 1420 obtainsupdate date/time CRLdate of the certificate revocation list from CRLregion 1415A of memory 1415 via bus BS4, and provides update date/timeCRLdate thus obtained to selector switch 1446 (step S1266).

Thereby, encryption processing unit 1406 encrypts session key Ks2 c, individual public encryption key KPmc4 and update date/time CRLdate, which are obtained by successively selecting the terminals of selector switch 1446, with session key Ks2 b decrypted by decryption processing unit 1422 to produce encrypted data {Ks2 c//KPmc4//CRLdate}Ks2 b. Controller 1420 outputs encrypted data {Ks2 c//KPmc4//CRLdate}Ks2 b to reproduction terminal 102 via bus BS4, interface 1424 and terminal 1426. Controller 1106 of reproduction terminal 102 receives encrypted data {Ks2 c//KPmc4//CRLdate}Ks2 b via memory card interface 1200. Controller 1106 sends encrypted data {Ks2 c//KPmc4//CRLdate}Ks2 b to personal computer 50 via USB interface 1112, terminal 1114 and USB cable 70 (step S1268).

License administration module 511 of personal computer 50 receivesencrypted data {Ks2 c//KPmc4//CRLdate}Ks2 b via terminal 580 and USBinterface 550 (step S1270), decrypts encrypted data {Ks2c//KPmc4//CRLdate}Ks2 b thus received with session key Ks2 b, andaccepts session key Ks2 c, individual public encryption key KPmc4 andupdate date/time CRLdate (step S1272). License administration module 511produces access control information ACm for check-out, which inhibitsshift and copy of the license from the memory card attached toreproduction terminal 102 to another memory card or the like. Morespecifically, it produces access control information ACm, in which thereproduction times are not restricted (=255), the shift/copy flag is setto “0” inhibiting the shift and copy, and the security flag is set tolevel 1 (=1)(step S1274).

Referring to FIG. 50, license administration module 511 encrypts the license with individual public encryption key KPmc4, which is peculiar to memory card 110 and is received in step S1272, to produce encrypted data {check-out transaction ID//content ID//Kc//check-out ACm//ACp}Kmc4 (step S1276). A comparison is made between update date/time CRLdate sent from memory card 110 and the update date/time of the certificate revocation list, which is held on hard disk 530 and is administered by license administration module 511, for determining the newer certificate revocation list. When the list sent from memory card 110 is newer than the other, the operation moves to a step S1280. When the certificate revocation list of license administration module 511 is newer than the other, the operation moves to a step S1286 (step S1278).

When it is determined that the certificate revocation list of memorycard 110 is newer than the other, license administration module 511encrypts encrypted data {check-out transaction ID//contentID//Kc//check-out ACm//ACp}Kmc4 with session key Ks2 c, and sendsencrypted data {{check-out transaction ID//content ID//Kc//check-outACm//ACp}Kmc4}Ks2 c to reproduction terminal 102 via USB interface 550,terminal 580 and USB cable 70 (step S1280).

Controller 1106 of reproduction terminal 102 receives encrypted data{{check-out transaction ID//content ID//Kc//check-out ACm//ACp}Kmc4}Ks2c via terminal 1114, USB interface 1112 and bus BS3, and sends encrypteddata {{check-out transaction ID//content ID//Kc//check-outACm//ACp}Kmc4}Ks2 c thus received to memory card 110 via bus BS3 andmemory card interface 1200. Controller 1420 of memory card 110 receivesencrypted data {{check-out transaction ID//content ID//Kc//check-outACm//ACp}Kmc4}Ks2 c via terminal 1426, interface 1424 and bus BS4 (stepS1282).

Decryption processing unit 1412 of memory card 110 receives encrypteddata {{check-out transaction ID//content ID//Kc//check-outACm//ACp}Kmc4}Ks2 c via bus BS4, and decrypts it with session key Ks2 cgenerated by session key generating unit 1418 to accept encrypted data{check-out transaction ID//content ID//Kc//check-out ACm//ACp}Kmc4 (stepS1284). Thereafter, the operation moves to a step S1296 shown in FIG.51.

When it is determined in step S1278 that the certificate revocation listof license administration module 511 is newer than the other, licenseadministration module 511 obtains certificate revocation list CRLadministered by license administration module 511 from hard disk 530.License administration module 511 produces differential CRL based onupdate date/time CRLdate of certificate revocation list CRL obtained andadministered by itself and that of accepted certificate revocation listCRL of memory card 110 (step S1286).

License administration module 511 encrypts encrypted data {check-outtransaction ID//content ID//Kc//check-out ACm//ACp}Kmc4 and differentialCRL thus produced with session key Ks2 c, and sends encrypted data{differential CRL//{check-out transaction ID//content ID//Kc//check-outACm//ACp}Kmc4}Ks2 c to reproduction terminal 102 via USB interface 550,terminal 580 and USB cable 70 (step S1288). Controller 1106 ofreproduction terminal 102 receives encrypted data {differentialCRL//{check-out transaction ID//content ID//Kc//check-outACm//ACp}Kmc4}Ks2 c via terminal 1114, USB interface 1112 and bus BS3,and outputs encrypted data {differential CRL//{check-out transactionID//content ID//Kc//check-out ACm//ACp}Kmc4}Ks2 c thus received tomemory card 110 via bus BS3 and memory card interface 1200. Thereby,controller 1420 of memory card 110 receives encrypted data {differentialCRL//{check-out transaction ID//content ID//Kc//check-outACm//ACp}Kmc4}Ks2 c via terminal 1426, interface 1424 and bus BS4 (stepS1290).

In memory card 110, decryption processing unit 1412 decrypts thereceived data on bus BS4 with session key Ks2 c provided from sessionkey generating unit 1418, and accepts differential CRL and encrypteddata {check-out transaction ID//content ID//Kc//check-out ACm//ACp}Kmc4(step S1292). Controller 1420 receives differential CRL, which isaccepted by decryption processing unit 1412, via bus BS4, and updatescertificate revocation list CRL held in CRL region 1415A of memory 1415by adding received differential CRL thereto (step S1294).

In steps S1280, S1282 and S1284, the operations are performed to checkout license key Kc and others to memory card 110, and the operations inthese steps are performed in the case where certificate revocation listCRL of memory card 110 on the receiver side is newer than certificaterevocation list CRL of license administration module 511 on the senderside. The operations in steps S1286, S1288, S1290, S1292 and S1294 areperformed for checking out license key Kc and others to memory card 110in the case where certificate revocation list CRL of licenseadministration module 511 on the sender side is newer than certificaterevocation list CRL of memory card 110 on the receiver side. In theoperation of sending the license to memory card 110, as described above,certificate revocation list CRL is obtained from hard disk 530 whencertificate revocation list CRL recorded on hard disk 530 is newer thancertificate revocation list CRL held in CRL region 1415A of memory card110, and certificate revocation list CRL thus obtained is set to memorycard 110 so that the certificate revocation list CRL held in CRL region1415A of memory card 110 can be updated.

After step S1284 or S1294, as shown in FIG. 51, controller 1420 instructs decryption processing unit 1404 to decrypt encrypted license {check-out transaction ID//content ID//Kc//check-out ACm//ACp}Kmc4 with individual private decryption key Kmc4, and the license (license key Kc, check-out transaction ID, content ID, check-out ACm and reproduction control information ACp) is accepted (step S1296).

License administration module 511 of personal computer 50 sends theentry number for storing the license, which is checked out to memorycard 110, to reproduction terminal 102 via USB interface 550, terminal580 and USB cable 70 (step S1298). Thereby, controller 1106 ofreproduction terminal 102 receives the entry number via terminal 1114,USB interface 1112 and bus BS3, and sends the received entry number tomemory card 110 via memory card interface 1200. Controller 1420 ofmemory card 110 receives the entry number via terminal 1426, interface1424 and bus BS4, and stores license (license key Kc, check-outtransaction ID, content ID, check-out ACm and reproduction controlinformation ACp), which is accepted in step S1296, in license region1415B of memory 1415 designated by the received entry number (stepS1300).

License administration module 511 of personal computer 50 generates thelicense administration file, which includes the entry number of licensestored in memory 1415 of memory card 110 as well as the plaintext ofcheck-out transaction ID and the content ID, and corresponds toencrypted content data {Dc}Kc to be moved to memory card 110 andadditional information Dc-inf, and sends the license administration fileto memory card 110 (step S1302).

Controller 1420 of memory card 110 receives the license administrationfile via reproduction terminal 102, and records the received licenseadministration file in data region 1415C of memory 1415 (step S1304).

License administration module 511 of personal computer 50 decrements the allowed check-out times by one, and adds the check-out transaction ID and individual public encryption key KPmc4 peculiar to the memory card forming the destination of the check-out to update the check-out information (step S1306). License administration module 511 updates the plaintext of the private file by preparing new private information n, which includes the transaction ID, content ID, license key Kc, access control information ACm, reproduction control information ACp and the updated check-out information (to which the decremented allowed check-out times, the check-out transaction ID and individual public encryption key KPmc4 peculiar to memory card 110 of the check-out destination are added) (step S1308). Individual public encryption key KPmc4 of the check-out destination is stored in a tamper resistant module of the memory card, has a value peculiar to that memory card, and is obtained via a communication system having a high security level ensured by authentication and encryption. Therefore, individual public encryption key KPmc4 can be suitably used as identification information for specifying or identifying the memory card.

Thereafter, license administration module 511 encrypts the plaintext ofthe private file with binding key Kb, and updates encrypted private file160 recorded on hard disk 530 (step S1310).

License administration module 511 obtains encrypted content data {Dc}Kcand additional information Dc-inf, which are to be checked out to memorycard 110, from hard disk 530, and sends data {Dc}Kc//Dc-inf to memorycard 110 (step S1312). Controller 1420 of memory card 110 receives data{Dc}Kc//Dc-inf via reproduction terminal 102 (step S1314), and recordsdata {Dc}Kc//Dc-inf received via bus BS4 in data region 1415C of memory1415 (step S1316).

Thereby, license administration module 511 of personal computer 50prepares the reproduction list file additionally including the tunes(step S1318), which are checked out to memory card 110, and sends thereproduction list file and the instruction of rewriting the reproductionlist file to memory card 110 (step S1320). Controller 1420 of memorycard 110 receives the reproduction list file and the rewritinginstruction via reproduction terminal 102 (step S1322), and writes thereceived reproduction list file via bus BS4 into data region 1415C ofmemory 1415 to renew the reproduction list file recorded therein (stepS1324). Thereby, the check-out operation ends (step S1326).

As described above, it is determined that memory card 110 attached toreproduction terminal 102 is the regular device, and at the same time,it is determined that class public encryption key KPm3, which isencrypted and sent together with class certificate Cm3, is valid. Afterdetermining these facts, the content data can be checked out only inresponse to the request for check-out to the memory card having classcertificate Cm3 not listed in the certificate revocation list, i.e., inthe list of the class certificates having the broken class publicencryption key KPm3. Therefore, it is possible to inhibit the check-outto an unauthorized memory card as well as the check-out using thedescrambled or broken class key. Further, the encryption keys producedin the license administration module and the memory card are transmittedbetween them. Each of the license administration module and the memorycard executes the encryption with the received encryption key, and sendsthe encrypted data to the other so that the mutual authentication can bepractically performed even when sending and receiving the encrypteddata, and it is possible to improve the security in the operation ofchecking out the encrypted content data and the license. By using thecheck-out operation described above, even the user of reproductionterminal 102 not having a function of communicating with distributionserver 10 can receive the encrypted content data and the license, whichare received by software of personal computer 50, on the memory card.This improves the user's convenience.

[Check-In]

In the data distribution systems shown in FIGS. 1 and 2, the encryptedcontent data and the license, which are checked out to memory card 110from license administration module 511 of personal computer 50, arechecked in and returned to license administration module 511.Description will now be given on this check-in operation.

FIGS. 52-55 are first to fourth flow charts illustrating the check-inoperation for returning or checking in the encrypted content data andthe license, which were checked out to memory card 110 by the check-outoperation already described with reference to FIGS. 47-51. Before theprocessing illustrated in FIG. 52, the user of personal computer 50obtains the content list file recorded on hard disk 530 and thereproduction list file recorded in data region 1415C of memory card 110.In accordance with these files, the user determines the content to bechecked in, specifies the content file and the license administrationfile of hard disk 530 and memory card 110, and obtains the licenseadministration file of memory card 110. The following description isbased on the premise that the above operation is already performed.

Referring to FIG. 52, when a check-in request is entered via keyboard560 of personal computer 50 (step S1400), license administration module511 performs the binding key obtaining processing. A series ofprocessing from step S1402 in FIG. 52 to a step S1430 in FIG. 53 is thebinding key obtaining processing, and is the same as the series ofprocessing from step S1006 in FIG. 42 to step S1034 in FIG. 43illustrating the distribution 3. Therefore, description thereof is notrepeated.

Referring to FIG. 53, license administration module 511, which obtained binding key Kb, obtains encrypted private file 160 from hard disk 530 via bus BS2, and decrypts encrypted private file 160 with binding key Kb to obtain the plaintext of the private file (step S1432). Thereafter, license administration module 511 obtains private information n (license (transaction ID, content ID, license key Kc, access control information ACm and reproduction control information ACp) and check-out information (allowed check-out times, check-out transaction ID and individual public encryption key KPmcx of the memory card of the check-out destination)) in the private file corresponding to private information number n recorded in the license administration file (step S1434). License administration module 511 sends a request for sending of the authentication data to reproduction terminal 102 via USB interface 550, terminal 580 and USB cable 70 (step S1436).

Controller 1106 of reproduction terminal 102 receives the request forthe authentication data via terminal 1114, USB interface 1112 and busBS3, and sends the received request for the authentication data tomemory card 110 via bus BS3 and memory card interface 1200. Controller1420 of memory card 110 receives the request for the authentication datavia terminal 1426, interface 1424 and bus BS4 (step S1438).

When controller 1420 receives the request for the authentication data,it reads out authentication data {KPm3//Cm3}KPa2 from authenticationdata holding unit 1400 via bus BS4, and provides authentication data{KPm3//Cm3}KPa2 thus read to reproduction terminal 102 via bus BS4,interface 1424 and terminal 1426. Controller 1106 of reproductionterminal 102 receives authentication data {KPm3//Cm3}KPa2 via memorycard interface 1200 and bus BS3, and sends authentication data{KPm3//Cm3}KPa2 to personal computer 50 via bus BS3, USB interface 1112,terminal 1114 and USB cable 70 (step S1440).

License administration module 511 of personal computer 50 receives authentication data {KPm3//Cm3}KPa2 via terminal 580 and USB interface 550 (step S1442), and decrypts authentication data {KPm3//Cm3}KPa2 thus received with public authentication key KPa2 at level 2 (step S1444). License administration module 511 performs the authentication processing based on the result of the decryption, determining whether the decryption was performed correctly and thus whether the received authentication data was encrypted by a regular system to certify its validity, i.e., whether memory card 110 holds class public encryption key KPm3 and class certificate Cm3 provided for a regular memory card (step S1446). When it is determined that the authentication data is valid, license administration module 511 approves and accepts class public encryption key KPm3 and class certificate Cm3, and the processing moves to a step S1448. When the authentication data is not valid, license administration module 511 does not approve class public encryption key KPm3 and class certificate Cm3, and the processing ends without accepting them (step S1506). When it is determined from the result of the authentication processing that it is the regular memory card, license administration module 511 produces a dummy transaction ID (step S1448). The dummy transaction ID necessarily takes a value different from all the transaction IDs stored in memory card 110, and is produced as a transaction ID for local use.

Referring to FIG. 54, license administration module 511 produces sessionkey Ks2 b for check-in (step S1450). License administration module 511encrypts session key Ks2 b thus produced with class public encryptionkey KPm3 sent from memory card 110 to produce encrypted data {Ks2 b}Km3(step S1452), and sends dummy transaction ID//{Ks2 b}Km3, which isprepared by adding dummy transaction ID to encrypted data {Ks2 b}Km3, toreproduction terminal 102 via USB interface 550, terminal 580 and USBcable 70 (step S1454). Controller 1106 of reproduction terminal 102receives dummy transaction ID//{Ks2 b}Km3 via terminal 1114, USBinterface 1112 and bus BS3, and sends dummy transaction ID//{Ks2 b}Km3thus received to memory card 110 via memory card interface 1200.Controller 1420 of memory card 110 receives dummy transaction ID//{Ks2b}Km3 via terminal 1426, interface 1424 and bus BS4 (step S1456).Decryption processing unit 1422 receives encrypted data {Ks2 b}Km3 fromcontroller 1420 via bus BS4, and decrypts encrypted data {Ks2 b}Km3 withclass private decryption key Km3 sent from Km holding unit 1421 toaccept session key Ks2 b (step S1458). Session key generating unit 1418generates session key Ks2 c (step S1460). Controller 1420 obtains updatedate/time CRLdate of certificate revocation list CRL from CRL region1415A of memory 1415 via bus BS4, and provides the update date/timeCRLdate thus obtained to selector switch 1446 (step S1462).

Thereby, encryption processing unit 1406 encrypts session key Ks2 c,individual public encryption key KPmc4 and update date/time CRLdate,which are obtained by successively selecting the terminals of selectorswitch 1446, with session key Ks2 b, which is decrypted by decryptionprocessing unit 1422 and is obtained via terminal Pa of selector switch1442, to produce encrypted data {Ks2 c//KPmc4//CRLdate}Ks2 b. Controller1420 outputs encrypted data {Ks2 c//KPmc4//CRLdate}Ks2 b to reproductionterminal 102 via bus BS4, interface 1424 and terminal 1426. Controller1106 of reproduction terminal 102 receives encrypted data {Ks2c//KPmc4//CRLdate}Ks2 b via memory card interface 1200. Controller 1106sends encrypted data {Ks2 c//KPmc4//CRLdate}Ks2 b to personal computer50 via USB interface 1112, terminal 1114 and USB cable 70 (step S1464).

License administration module 511 of personal computer 50 receivesencrypted data {Ks2 c//KPmc4//CRLdate}Ks2 b via terminal 580 and USBinterface 550 (step S1466), decrypts encrypted data {Ks2c//KPmc4//CRLdate}Ks2 b thus received with session key Ks2 b, andaccepts session key Ks2 c, individual public encryption key KPmc4 andupdate date/time CRLdate (step S1468).

Then, license administration module 511 determines whether accepted individual public encryption key KPmc4 is included in the check-out information of private information n obtained in step S1434 or not, and thus whether it matches individual public encryption key KPmcx stored corresponding to the check-out transaction ID of the license to be checked in (step S1470).

Individual public encryption key KPmc4 thus accepted is included in the check-out information, which is updated at the time of check-out of the encrypted content data and the license (see step S1306 in FIG. 51). Therefore, by preparing the check-out information, which includes individual public encryption key KPmc4 corresponding to the destination of check-out of the encrypted content data and others, the check-out destination can be easily specified at the time of check-in.

In step S1470, if individual public encryption key KPmc4 is not included in the check-out information, the check-in operation ends (step S1506). In step S1470, if individual public encryption key KPmc4 is included in the check-out information, license administration module 511 encrypts a dummy license, i.e., dummy transaction ID, dummy content ID corresponding to no content, dummy license key Kc (represented as dummy Kc) not participating in reproduction, dummy access control information ACm (represented as dummy ACm), in which the reproduction times are not restricted (=255), the shift/copy flag is set to "0" inhibiting the shift and copy, and the security flag is set to level 1 (=1), and dummy reproduction control information ACp (represented as dummy ACp) with individual public encryption key KPmc4 to produce encrypted data {dummy transaction ID//dummy content ID//dummy Kc//dummy ACm//dummy ACp}Kmc4 (step S1472).

License administration module 511 encrypts encrypted data {dummytransaction ID//dummy content ID//dummy Kc//dummy ACm//dummy ACp}Kmc4with session key Ks2 c to produce encrypted data {{dummy transactionID//dummy content ID//dummy Kc//dummy ACm//dummy ACp}Kmc4}Ks2 c, andsends encrypted data {{dummy transaction ID//dummy content ID//dummyKc//dummy ACm//dummy ACp}Kmc4}Ks2 c to reproduction terminal 102 via USBinterface 550, terminal 580 and USB cable 70 (step S1474).

Controller 1106 of reproduction terminal 102 receives encrypted data{{dummy transaction ID//dummy content ID//dummy Kc//dummy ACm//dummyACp}Kmc4}Ks2 c via terminal 1114, USB interface 1112 and bus BS3.Controller 1106 sends encrypted data {{dummy transaction ID//dummycontent ID//dummy Kc//dummy ACm//dummy ACp}Kmc4}Ks2 c thus received tomemory card 110 via bus BS3 and memory card interface 1200. Controller1420 of memory card 110 receives encrypted data {{dummy transactionID//dummy content ID//dummy Kc//dummy ACm//dummy ACp}Kmc4}Ks2 c viaterminal 1426, interface 1424 and bus BS4 (step S1476).

Referring to FIG. 55, decryption processing unit 1412 of memory card 110 receives encrypted data {{dummy transaction ID//dummy content ID//dummy Kc//dummy ACm//dummy ACp}Kmc4}Ks2 c via bus BS4, decrypts it with session key Ks2 c generated by session key generating unit 1418, and accepts encrypted data {dummy transaction ID//dummy content ID//dummy Kc//dummy ACm//dummy ACp}Kmc4 (step S1478). Decryption processing unit 1404 receives encrypted data {dummy transaction ID//dummy content ID//dummy Kc//dummy ACm//dummy ACp}Kmc4 from decryption processing unit 1412, and decrypts it with individual private decryption key Kmc4 obtained from Kmc holding unit 1402 to accept dummy transaction ID, dummy content ID, dummy Kc, dummy ACm and dummy ACp (step S1480).

License administration module 511 of personal computer 50 obtains anentry number, where the license for the check-in is stored, from thelicense administration file of memory card 110, and sends it as theentry number for storing the dummy license to reproduction terminal 102via USB interface 550, terminal 580 and USB cable 70 (step S1482).Thereby, controller 1106 of reproduction terminal 102 receives the entrynumber via terminal 1114, USB interface 1112 and bus BS3, and sends thereceived entry number to memory card 110 via memory card interface 1200.Controller 1420 of memory card 110 receives the entry number viaterminal 1426, interface 1424 and bus BS4, and stores dummy license(dummy transaction ID, dummy content ID, dummy Kc, dummy ACm and dummyACp) in license region 1415B of memory 1415 designated by the entrynumber thus received (step S1484). By recording dummy transaction ID,dummy content ID, dummy Kc, dummy ACm and dummy ACp in this manner, thelicense checked out to memory card 110 can be erased.

Thereafter, license administration module 511 of personal computer 50 increments the allowed check-out times in the check-out information by one, and updates the check-out information by deleting the check-out transaction ID and the individual public encryption key KPmc4 of the memory card of the check-out destination (step S1486). License administration module 511 updates the plaintext of the private file by using new private information n, which includes the transaction ID, content ID, license key Kc, access control information ACm, reproduction control information ACp and the updated check-out information (step S1488). Thereafter, license administration module 511 encrypts the plaintext of the private file with binding key Kb to update encrypted private file 160 recorded on hard disk 530 (step S1490).

Then, license administration module 511 sends a deletion instruction for deleting the content file (encrypted content data {Dc}Kc and additional information Dc-inf) and the license administration file for the license, which was checked out and is recorded in data region 1415C of memory 1415 of memory card 110, to reproduction terminal 102 via USB interface 550, terminal 580 and USB cable 70 (step S1492). Controller 1106 of reproduction terminal 102 receives the deletion instruction for the content file (encrypted content data {Dc}Kc and additional information Dc-inf) and the license administration file via terminal 1114, USB interface 1112 and bus BS3 (step S1494). Thereby, controller 1106 outputs the instruction for deleting the content file (encrypted content data {Dc}Kc and additional information Dc-inf) and the license administration file to memory card 110. Controller 1420 of memory card 110 receives the deletion instruction via terminal 1426, interface 1424 and bus BS4, and deletes the content file (encrypted content data {Dc}Kc and additional information Dc-inf) and the license administration file via bus BS4 (step S1496).

License administration module 511 of personal computer 50 prepares thereproduction list, from which the checked-in tunes are deleted (stepS1498), and sends the reproduction list and the instruction forrewriting the reproduction list to memory card 110 (step S1500).Controller 1420 of memory card 110 receives the reproduction list andthe rewriting instruction via reproduction terminal 102 (step S1502),and writes the received reproduction list into memory 1415 via bus BS4to renew the reproduction list written therein (step S1504). Thereby,the check-in operation ends (step S1506).

As described above, the encrypted content data and the license are returned from the destination to which they were checked out. The license administration module, which has a low security level, cannot shift a license to the memory card of a high security level, but it can check the license out to the memory card, so the memory card can receive the license obtained by the license administration module of the low security level. Therefore, the encrypted content data can be reproduced for enjoyment by the reproduction terminal with the license obtained by the license administration module of the low security level.

The license checked out to the memory card cannot be output from thememory card to another recording device (memory card, licenseadministration device or license administration module) according tospecifications in access control information ACm. Therefore, thelicense, which was checked out, does not leak. By returning or checkingin the license, which was checked out, to the original licenseadministration module, the right of the license, which was checked out,returns to the original license administration module. Accordingly, thesystem allows neither the unauthorized copy nor the lowering of thesecurity level, and can secure the copyright.
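The check-out bookkeeping of steps S1236 through S1306 and the check-in bookkeeping of steps S1470 through S1496, modelled together as an added example in Python. This is not code from the patent: the cryptographic wrapping of every message (KPa2, KPm3/Km3, Ks2 b/Ks2 c, KPmc4/Kmc4 and binding key Kb) is abstracted away, and the field names of the license, of ACm and of the check-out information, together with the sample CRL and license values, are assumptions constructed for the model. What it shows is the allowance count and class revocation check that gate a check-out, the CRLdate comparison that pushes a differential CRL onto a card holding a stale list, the check-out ACm that makes the card refuse to output the license, and the KPmc4 match that lets only the original destination card check the license back in, after which the card's entry is overwritten with a dummy license.

```python
# Added example (not the patent's code): toy model of the check-out/check-in
# bookkeeping of steps S1236-S1306 and S1470-S1496. All message encryption and
# authentication (KPa2, KPm3/Km3, Ks2b/Ks2c, KPmc4/Kmc4, Kb) is abstracted away;
# only the license accounting and CRL rules are modelled. Field names are assumed.
import secrets
from dataclasses import dataclass, field

# Check-out ACm from step S1274: unlimited plays (255), shift/copy inhibited (0),
# security flag level 1.
CHECKOUT_ACM = {"play_count": 255, "shift_copy": 0, "security_level": 1}


@dataclass
class MemoryCard:
    class_cert: str                      # class certificate Cm3
    individual_key: str                  # individual public key KPmc4, used as card ID
    crl: dict = field(default_factory=dict)       # CRL region 1415A: cert -> revocation date
    licenses: dict = field(default_factory=dict)  # license region 1415B: entry no -> license
    files: dict = field(default_factory=dict)     # data region 1415C: content ID -> admin file

    @property
    def crl_date(self):                  # CRLdate: newest entry in the card's list
        return max(self.crl.values(), default="")

    def transaction_ids(self):
        return {lic["tx"] for lic in self.licenses.values()}

    def export_license(self, entry):
        """Card-side output of a license; refused when ACm inhibits shift/copy."""
        lic = self.licenses[entry]
        if lic["ACm"]["shift_copy"] == 0:
            raise PermissionError("ACm inhibits shift/copy of this license")
        return lic


def local_transaction_id(card, prefix):
    """Transaction ID for local use, distinct from every ID on the card (S1252, S1448)."""
    while True:
        tx = f"{prefix}-{secrets.token_hex(4)}"
        if tx not in card.transaction_ids():
            return tx


class LicenseAdminModule:
    def __init__(self, crl, license_, allowed_checkouts):
        self.crl = dict(crl)             # CRL held on hard disk 530
        self.private_info = {            # one private information record n
            "license": license_,
            "checkout": {"allowed": allowed_checkouts, "destinations": {}},
        }

    @property
    def crl_date(self):
        return max(self.crl.values(), default="")

    def differential_crl(self, card_date):
        """Entries newer than the card's CRLdate (S1286)."""
        return {cert: d for cert, d in self.crl.items() if d > card_date}

    def check_out(self, card, entry):
        co = self.private_info["checkout"]
        if co["allowed"] <= 0:                            # S1236: no allowance left
            return None
        if card.class_cert in self.crl:                   # S1250: class key revoked
            return None
        tx = local_transaction_id(card, "co")             # S1252
        if self.crl_date > card.crl_date:                 # S1278 -> S1286/S1294
            card.crl.update(self.differential_crl(card.crl_date))
        lic = self.private_info["license"]
        card.licenses[entry] = {"tx": tx, "content_id": lic["content_id"],   # S1300
                                "Kc": lic["Kc"], "ACm": dict(CHECKOUT_ACM),
                                "ACp": lic["ACp"]}
        card.files[lic["content_id"]] = {"entry": entry, "tx": tx}            # S1304/S1316
        co["allowed"] -= 1                                                    # S1306
        co["destinations"][card.individual_key] = tx
        return tx

    def check_in(self, card, entry):
        co = self.private_info["checkout"]
        if card.individual_key not in co["destinations"]:  # S1470: not a check-out destination
            return False
        card.licenses[entry] = {"tx": local_transaction_id(card, "dummy"),   # S1484
                                "content_id": None, "Kc": None,
                                "ACm": dict(CHECKOUT_ACM), "ACp": None}
        card.files.pop(self.private_info["license"]["content_id"], None)     # S1496
        co["allowed"] += 1                                                   # S1486
        del co["destinations"][card.individual_key]
        return True


if __name__ == "__main__":
    # Constructed sample: two revoked classes on the PC, one of them unknown to the card.
    pc = LicenseAdminModule(crl={"Cm-broken-1": "2002-01-10", "Cm-broken-2": "2002-03-01"},
                            license_={"content_id": "song-0001", "Kc": "kc-sample", "ACp": {}},
                            allowed_checkouts=1)
    card = MemoryCard("Cm3-class-7", "KPmc4-card-A", crl={"Cm-broken-1": "2002-01-10"})
    print("check-out tx:", pc.check_out(card, 3), "card CRL:", card.crl)
    print("check-in by other card:", pc.check_in(MemoryCard("Cm3-class-7", "KPmc4-card-B"), 3))
    print("check-in by destination:", pc.check_in(card, 3), pc.private_info["checkout"])
```

The model deliberately keeps the check-in decision on the PC side, as the text does: the card only overwrites the entry it is told to, so the guarantee that the license cannot be duplicated rests on the shift/copy flag in the check-out ACm (enforced here by `export_license`) together with the PC refusing to check in from any card whose KPmc4 was not recorded at check-out.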

Referring to FIG. 56, description will now be given of the administration of the encrypted content data and the license received by license administration module 511 or license administration device 520 of personal computer 50. Hard disk 530 of personal computer 50 holds content list file 150, content files 1531-153k, license administration files 1521-152k and encrypted private file 160.

Content list file 150 is a data file describing the owned contents in list format. For each content it holds information about the content (e.g., title of the tune and name of the artist) as well as the file names of the content file and the license administration file. The information about each content is entered automatically, or in accordance with the instruction of the user, by taking the necessary information from additional information Dc-inf at the time of reception. Contents for which only the content file or only the license administration file exists, and which therefore cannot be reproduced, can also be administered in the list.

Content files 1531-153k, k in number, are files storing encrypted content data {Dc}Kc and additional information Dc-inf received by license administration module 511 or license administration device 520; one file is provided for each content.

License administration files 1521-152k are recorded in correspondence with content files 1531-153k, respectively, and are used for administering the licenses received by license administration module 511 or license administration device 520. License administration files 1521-152k contain information specifying the storage place of the license and information relating to the license.

The information specifying the storage place is the entry number when the license is recorded in license administration device 520, or the private information number specifying the private information recorded in the encrypted private file.

The information relating to the license is a plaintext copy of the items restricted by access control information ACm and reproduction control information ACp, which can be determined readily from license purchase conditions AC, together with the transaction ID and content ID, which are available as plaintext at the time of reception of the license. As is apparent from the description already given, the license itself is recorded in a form protected from being referred to, in order to protect the content. However, referring to the items of the license other than license key Kc raises no problem from the viewpoint of content protection, as long as they are not rewritten. In the application program, each processing starts by referring to this information relating to the license.

The encrypted private file contains the licenses and the check-out information administered by license administration module 511, and is stored in the form encrypted with binding key Kb.

More specifically, license administration files 1521 and 1524 contain entry numbers 0 and 1, respectively. These designate the administration regions of the licenses (license ID, license key Kc, access control information ACm and reproduction control information ACp) administered in license region 5215B of memory 5215 of license administration device 520.

Accordingly, when the license administered by license administration device 520, together with the encrypted content data recorded in content file 1531 that can be reproduced with this license, is to be shifted or copied to memory card 110 attached to reproduction terminal 102, a search is performed through content list file 150 to specify content file 1531 and license administration file 1521, and license administration file 1521 is referred to, whereby the administration place of the license for encrypted content data {Dc}Kc recorded in content file 1531 is determined. Since license administration file 1521 corresponding to content file 1531 contains the entry number "1", the license for reproducing the encrypted content data of the file name recorded in content file 1531 is recorded in the region designated by entry number "1" in license region 5215B of memory 5215 of license administration device 520. In this case, license administration module 511 reads the entry number "1" from the license administration file listed in content list file 150 recorded on hard disk 530, and provides the entry number "1" thus read to license administration device 520, whereby the license can easily be taken out of license region 5215B of memory 5215 and shifted to memory card 110. After the license is shifted, the license at the designated entry number "1" is deleted from license region 5215B of memory 5215, and "no license" is recorded in the license administration file, as is the case with license administration file 1523.

License administration module 511 records the licenses it administers, together with the check-out information, as private information in encrypted private file 160, and administers them with license administration files 1522, 1524, * * * and 152k. License administration files 1522, 1524, * * * and 152k contain the private information numbers of the private information in encrypted private file 160 that consists of the corresponding license and its check-out information.

For example, when the license administered by license administration module 511 and the encrypted content data recorded in content file 1534 that can be reproduced with this license are to be shifted or copied to personal computer 80, a search is performed through content list file 150 to specify content file 1534 and license administration file 1524, and private information number n is obtained from license administration file 1524. Further, binding key Kb is obtained from license administration device 520, and encrypted private file 160 is decrypted with binding key Kb thus obtained to obtain the plaintext of the private file. Thereby, the license and the check-out information are obtained from the private information in the private file that corresponds to private information number n obtained from the license administration file.

According to the second embodiment of the invention, as described above, the license of the encrypted content data received by license administration module 511 is stored as private information in encrypted private file 160, and encrypted private file 160 can be decrypted only with binding key Kb, which is held in hardware by license administration device 520. Binding key Kb is thus a symmetric key that governs the encrypted content data and the license, and the license cannot be obtained without binding key Kb. The license of the encrypted content data received by license administration module 511 is recorded on hard disk 530 in the form written in encrypted private file 160, and is therefore in practice administered by software. However, the license cannot be taken out of encrypted private file 160 without binding key Kb stored in license administration device 520, so the administration is in practice nearly equivalent to administration by hardware.

In contrast, the license received by license administration device 520 is stored in license region 5215B of memory 5215. Accordingly, the administration level of the license received by license administration module 511 according to the second embodiment of the invention can be close to the administration level of the license received by license administration device 520.

In the above description, it is assumed that the binding license is stored at entry number "0".

[Reproduction]

In the second embodiment, the encrypted content data recorded in memory card 110 is reproduced by cellular phone 100 or reproduction terminal 102 in accordance with the flow charts of FIGS. 31 and 32.

Personal computers 50 and 80 may be internally provided with content reproducing device 1550 shown in FIG. 7, whereby the encrypted content data received by license administration module 511 or license administration device 520 can be reproduced. For reproducing the encrypted content data obtained by license administration module 511 with content reproducing device 1550, license administration module 511 obtains binding key Kb stored in license administration device 520, decrypts encrypted private file 160 recorded on hard disk 530 with binding key Kb, and reads the license from the plaintext of the private file to provide it to content reproducing device 1550.

Further, personal computers 50 and 80 may be internally provided with reproducing units that operate in accordance with software for reproducing the encrypted content data, so that the encrypted content data obtained by license administration module 511 can be reproduced by software. In this case, license administration module 511 likewise obtains binding key Kb stored in license administration device 520, decrypts encrypted private file 160 recorded on hard disk 530 with binding key Kb, and reads the license from the plaintext of the private file to provide it to the software reproducing unit. Compared with reproduction by content reproducing device 1550 (level 2), in which security is ensured by hardware, reproduction by software is performed at a lower security level (level 1) because security is ensured only by software. Accordingly, the license held by license administration device 520 cannot be used for such reproduction by software.

[Shift/Copy 2]

In the data distribution systems shown in FIGS. 1 and 2, the encrypted content data and the license obtained by license administration module 511 of personal computer 50 are shifted or copied to personal computer 80. Description will now be given of this operation according to the second embodiment. This operation will be referred to as "shift/copy 2".

FIGS. 57-64 are first to eighth flow charts illustrating the shift of the encrypted content data and the license obtained by license administration module 511 to personal computer 80. Before the processing illustrated in FIG. 57, the user of personal computer 50 determines the content to be shifted according to the content list file, and the content file and the license administration file in hard disk 530 and memory card 110 are specified. The following description assumes that this operation has already been performed. The natural number w identifying the class of the license administration module of personal computer 80 on the receiver side is five (w=5), and the natural number y identifying that license administration module is five (y=5).

Referring to FIG. 57, when the user enters a shift request for the license obtained by license administration module 511 of personal computer 50 via keyboard 560 of personal computer 50 (step S1600), license administration module 511 of personal computer 50 performs the binding key obtaining processing. The series of processing from step S1601 in FIG. 57 to step S1615 in FIG. 58 is the binding key obtaining processing, and is the same as the series of processing from step S1006 in FIG. 42 to step S1034 in FIG. 43. Therefore, description thereof is not repeated.

Referring to FIG. 58, when the binding key is obtained, license administration module 511 of personal computer 50 obtains encrypted private file 160 from hard disk 530 via bus BS2, and decrypts encrypted private file 160 thus obtained with binding key Kb to obtain the plaintext of the private file (step S1616). Thereafter, license administration module 511 of personal computer 50 obtains from the private file the private information n (transaction ID, content ID, license key Kc, access control information ACm, reproduction control information ACp and check-out information) corresponding to private information number n recorded in the license administration file (step S1617).

License administration module 511 of personal computer 50 then determines, based on access control information ACm thus obtained, whether shift and copy of the encrypted content data are allowed (step S1618). That is, license administration module 511 determines, from the allowed reproduction times and the shift/copy flag in access control information ACm, whether access control information ACm of the license to be shifted to personal computer 80 inhibits shift and copy of the encrypted content data.

When shift and copy are restricted in step S1618, the operation moves to step S1703, and the shift operation ends. When shift and copy are not inhibited in step S1618, the operation moves to step S1619, where license administration module 511 determines, based on the obtained check-out information, whether check-out is allowed (step S1619). When check-out is impossible in step S1619, the operation moves to step S1703, and the shift operation ends. When check-out is allowed in step S1619, device determining processing is performed to determine whether license administration device 520 can store a new binding key. When license administration device 520 cannot be authenticated by the device determining processing, or when certificate revocation list CRL prevents the recording of a new binding key, the processing is interrupted and the current status is maintained. The series of processing from step S1621 in FIG. 58 to step S1633 in FIG. 59 is the device determining processing, and is the same as the series of processing from step S906 in FIG. 36 to step S932 in FIG. 37 illustrating the initialization. Therefore, description thereof is not repeated.

Referring to FIG. 59, when the device determining processing ends, license administration module 511 of personal computer 50 sends a request for the authentication data to personal computer 80 via communication cable 90 (step S1634). The license administration module of personal computer 80 receives this request for the authentication data (step S1635).

When the license administration module of personal computer 80 receives the request for the authentication data, it sends authentication data {KPm5//Cm5}KPa1 to personal computer 50 (step S1636). License administration module 511 of personal computer 50 receives authentication data {KPm5//Cm5}KPa1 via terminal 580 and USB interface 550 (step S1637), and decrypts received authentication data {KPm5//Cm5}KPa1 with level-1 authentication key KPa1 (step S1638).

Referring to FIG. 60, license administration module 511 performs authentication processing based on the result of the decryption, determining whether the decryption was performed correctly and thus whether it has received authentication data encrypted by a regular system to certify its validity, in order to authenticate that the license administration module of personal computer 80 holds class public encryption key KPm5 and class certificate Cm5 issued to a regular license administration module (step S1639). When the authentication data is determined to be valid, license administration module 511 approves and accepts class public encryption key KPm5 and class certificate Cm5, and the operation proceeds to step S1640. When the authentication data is not valid, license administration module 511 does not approve class public encryption key KPm5 and class certificate Cm5, and the processing ends without accepting them (step S1703). When the license administration module is determined to be regular, license administration module 511 then refers to hard disk 530 to determine whether class certificate Cm5 of the license administration module is listed in certificate revocation list CRL. When class certificate Cm5 is listed in certificate revocation list CRL, the shift operation ends (step S1703). When class certificate Cm5 of the license administration module is not listed in certificate revocation list CRL, the next processing is performed (step S1640).

When it is determined from the result of the authentication processing that the access is made from a personal computer whose license administration module has valid authentication data and whose class is not listed in the certificate revocation list, license administration module 511 produces a session key Ks2d for the shift (step S1641). License administration module 511 encrypts session key Ks2d thus produced with class public encryption key KPm5 received from personal computer 80 (step S1642), and sends transaction ID//{Ks2d}Km5, prepared by adding the transaction ID to encrypted data {Ks2d}Km5, to personal computer 80 via communication cable 90 (step S1643). The license administration module of personal computer 80 receives transaction ID//{Ks2d}Km5 (step S1644), decrypts encrypted data {Ks2d}Km5 with class private decryption key Km5, and accepts session key Ks2d (step S1645). The license administration module of personal computer 80 produces a session key Ks2e (step S1646), and obtains update date/time CRLdate of the certificate revocation list from its hard disk (step S1647).

The license administration module of personal computer 80 encrypts session key Ks2e, individual public encryption key KPmc5 and update date/time CRLdate with session key Ks2d to produce encrypted data {Ks2e//KPmc5//CRLdate}Ks2d, and sends it to personal computer 50 via communication cable 90 (step S1648).

License administration module 511 of personal computer 50 receives encrypted data {Ks2e//KPmc5//CRLdate}Ks2d via terminal 580 and USB interface 550 (step S1649), decrypts the received data with session key Ks2d, and accepts session key Ks2e, individual public encryption key KPmc5 and update date/time CRLdate (step S1650). License administration module 511 encrypts the transaction ID, content ID, license key Kc, access control information ACm and reproduction control information ACp with individual public encryption key KPmc5 peculiar to personal computer 80 to produce encrypted data {transaction ID//content ID//Kc//ACm//ACp}Kmc5 (step S1651).

Referring to FIG. 61, license administration module 511 of personal computer 50 determines, based on update date/time CRLdate of the certificate revocation list sent from the license administration module of personal computer 80, which is newer: the certificate revocation list administered by the license administration module of personal computer 80 or the certificate revocation list administered by license administration module 511 itself. When certificate revocation list CRL administered by license administration module 511 itself is older, the operation moves to step S1653; when it is newer, the operation moves to step S1656 (step S1652).

When license administration module 511 determines that certificate revocation list CRL administered by itself is older, license administration module 511 encrypts encrypted data {transaction ID//content ID//Kc//ACm//ACp}Kmc5 with session key Ks2e received from the license administration module of personal computer 80, and provides encrypted data {{transaction ID//content ID//Kc//ACm//ACp}Kmc5}Ks2e to personal computer 80 via communication cable 90 (step S1653).

The license administration module of personal computer 80 receives encrypted data {{transaction ID//content ID//Kc//ACm//ACp}Kmc5}Ks2e (step S1654), and decrypts it with session key Ks2e to accept encrypted data {transaction ID//content ID//Kc//ACm//ACp}Kmc5 (step S1655). Thereafter, the operation moves to step S1661.

When it is determined in step S1652 that certificate revocation list CRL administered by license administration module 511 itself is newer, license administration module 511 of personal computer 50 obtains certificate revocation list CRL from hard disk 530, and produces a differential CRL from update date/time CRLdate of the certificate revocation list CRL it administers and update date/time CRLdate of the certificate revocation list CRL administered by the license administration module of personal computer 80 (step S1656). License administration module 511 encrypts the differential CRL and encrypted data {transaction ID//content ID//Kc//ACm//ACp}Kmc5 with session key Ks2e, and provides encrypted data {differential CRL//{transaction ID//content ID//Kc//ACm//ACp}Kmc5}Ks2e to personal computer 80 via communication cable 90 (step S1657).

Personal computer 80 receives encrypted data {differential CRL//{transaction ID//content ID//Kc//ACm//ACp}Kmc5}Ks2e (step S1658), and its license administration module decrypts it with session key Ks2e to accept the differential CRL and encrypted data {transaction ID//content ID//Kc//ACm//ACp}Kmc5 (step S1659).

The license administration module of personal computer 80 adds the differential CRL thus accepted to certificate revocation list CRL recorded on its hard disk, and thereby updates certificate revocation list CRL (step S1660).

Steps S1653, S1654 and S1655 shift license key Kc and the rest of the license to personal computer 80 in the case where certificate revocation list CRL held by personal computer 80 on the receiver side is newer than certificate revocation list CRL held by personal computer 50 on the sender side. Steps S1656, S1657, S1658, S1659 and S1660 shift license key Kc and the rest of the license to personal computer 80 in the case where certificate revocation list CRL held by personal computer 80 on the receiver side is older than certificate revocation list CRL held by personal computer 50 on the sender side.

After step S1655 or S1660, the license administration module of personal computer 80 decrypts encrypted data {transaction ID//content ID//Kc//ACm//ACp}Kmc5 with individual private decryption key Kmc5 to accept the license (license key Kc, transaction ID, content ID, access control information ACm and reproduction control information ACp) (step S1661). The license administration module determines whether access control information ACm thus accepted restricts the reproduction times; when the reproduction times are not restricted, the operation moves to step S1663, and when they are restricted, it moves to step S1664 (step S1662). When the reproduction times are not restricted, the license administration module produces check-out information containing the allowed check-out times for checking out the encrypted content data and the license received from personal computer 50 to another device (step S1663); the initial value of the allowed check-out times is three. When the allowed reproduction times are restricted, the license administration module produces check-out information in which the allowed check-out times for checking out the encrypted content data to another device are set to zero (step S1664). Thereafter, the operation moves to step S1679 in FIG. 63.
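The decisions made on the two sides of shift/copy 2 (the sender's gate in steps S1618 and S1619, its class-certificate check in step S1640, the CRLdate comparison and differential CRL of steps S1652 to S1660, and the receiver's check-out information of steps S1662 to S1664) are shown below as an added Python example. It is not code from the patent; the patent fixes none of the encodings, so the values of the shift/copy flag, the form of the check-out information, the CRL as a map from class certificate to the date it was listed, and the rule that a license with outstanding check-outs cannot be shifted are all assumptions made here.

```python
"""Decision logic of shift/copy 2: sender gate, CRL reconciliation, receiver check-out info.
Added illustration; encodings of ACm, check-out information and CRL are assumptions."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

INITIAL_CHECKOUT_TIMES = 3          # step S1663: initial allowed check-out times


@dataclass
class ACm:
    shift_copy: str                   # assumed values: "none", "shift", "copy" (copy implies shift)
    reproduction_times: Optional[int] # None = reproduction not restricted (step S1662)


@dataclass
class CheckoutInfo:
    allowed_times: int
    checked_out_to: List[str] = field(default_factory=list)  # devices holding a check-out now


@dataclass
class CRL:
    update_date: str                  # CRLdate as ISO "YYYY-MM-DD", so text order is date order
    revoked: Dict[str, str]           # class certificate -> ISO date it was listed


def acm_permits_shift(acm: ACm) -> bool:
    """Step S1618: proceed only when ACm does not inhibit shift and copy."""
    return acm.shift_copy in ("shift", "copy")


def checkout_permits_shift(info: CheckoutInfo) -> bool:
    """Step S1619. Assumption: while copies are checked out elsewhere the license
    stays put, otherwise the checked-out copies would outlive the shifted license."""
    return not info.checked_out_to


def sender_gate(acm: ACm, info: CheckoutInfo) -> str:
    """Outcome of steps S1618/S1619 on personal computer 50."""
    ok = acm_permits_shift(acm) and checkout_permits_shift(info)
    return "proceed" if ok else "end at S1703"


def sender_class_accepted(sender_crl: CRL, class_cert: str) -> bool:
    """Step S1640: the receiver's class certificate (Cm5) must not be in the sender's CRL."""
    return class_cert not in sender_crl.revoked


def differential_crl(sender_crl: CRL, receiver_crldate: str) -> Optional[Dict[str, str]]:
    """Steps S1652/S1656: None when the receiver's list is at least as new (go to S1653),
    otherwise the entries listed after the receiver's CRLdate (go to S1656)."""
    if sender_crl.update_date <= receiver_crldate:
        return None
    return {c: d for c, d in sender_crl.revoked.items() if d > receiver_crldate}


def apply_differential(receiver_crl: CRL, diff: Dict[str, str], sender_crldate: str) -> CRL:
    """Step S1660: merge the differential and advance CRLdate to the sender's."""
    receiver_crl.revoked.update(diff)
    receiver_crl.update_date = sender_crldate
    return receiver_crl


def initial_checkout_info(acm: ACm) -> CheckoutInfo:
    """Steps S1662-S1664: three check-outs when reproduction is unrestricted, none otherwise."""
    times = INITIAL_CHECKOUT_TIMES if acm.reproduction_times is None else 0
    return CheckoutInfo(times)
```

The date comparison is deliberately one-directional: the sender never accepts a CRL from the receiver, it only pushes its own newer entries, which matches the flow charts and keeps a receiver with a stale or tampered list from rolling the sender back.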

After step S1653 or S1657, the binding license held by personal computer 50 is rewritten in parallel with the shift of the license from personal computer 50 to personal computer 80. After step S1653 or S1657, license administration module 511 of personal computer 50 determines whether copying of the license is allowed (step S1665). When copying of the license is allowed, the operation moves to step S1698 in FIG. 64, and encrypted content data {Dc}Kc and additional information Dc-inf are sent to personal computer 80. When, in step S1665, the shift/copy flag of access control information ACm of the license allows only the shift, license administration module 511 reads out license administration file 152n, which is listed in content list file 150 and recorded on hard disk 530 for the license to be shifted, updates license administration file 152n by changing the private information number n recorded in it to "no license" (step S1666), and produces a new binding key Kbb different from the initial binding key Kb (step S1667). License administration module 511 deletes private information n, which corresponds to the license to be shifted, from the plaintext of the private file, and encrypts the private file with new binding key Kbb thus produced to update encrypted private file 160 on hard disk 530 (step S1668).

Referring to FIG. 62, license administration module 511 performs the binding key registering processing from step S1669 to step S1679 for storing new binding key Kbb thus produced in license administration device 520. This processing is the same as the series of processing from step S934 in FIG. 37 to step S956 in FIG. 38, except that binding key Kbb and session key Ks2c are used instead of binding key Kb and session key Ks2b, respectively. Accordingly, description of this processing is not repeated.

When registration of new binding key Kbb ends, the operation moves to step S1698 in FIG. 64.
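The FIG. 56 layout (content list file, license administration files pointing at an entry number, a private information number or "no license", and the private file encrypted under Kb) and the rebinding performed for a shift (steps S1666 to S1668 followed by registration of Kbb at entry 0) are modelled below as an added Python example. It is not code from the patent. The patent does not name the cipher used for the encrypted private file, so the HMAC-SHA256 encrypt-then-MAC construction here is an assumption standing in for "encrypted with binding key Kb"; the file names, content IDs and license values in `build_demo` are constructed sample data.

```python
"""Model of the FIG. 56 hard-disk layout and of rebinding after a shift (S1666-S1668).
Added illustration; the cipher is an assumption, the patent names none."""
import hashlib
import hmac
import json
import os

BINDING_ENTRY = 0          # the binding license is always stored at entry number "0"
NO_LICENSE = "no license"


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode as a keystream (illustrative, not the patent's cipher)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Check the tag first: a stale binding key must fail here, not yield garbage plaintext."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise PermissionError("binding key does not open this encrypted private file")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class LicenseAdministrationDevice:
    """Hardware side: license region 5215B; entry 0 holds the binding license, whose Kc is Kb."""
    def __init__(self, kb: bytes):
        self.region = {BINDING_ENTRY: {"Kc": kb}}

    def binding_key(self) -> bytes:
        return self.region[BINDING_ENTRY]["Kc"]

    def register_binding_key(self, kbb: bytes) -> None:
        self.region[BINDING_ENTRY] = {"Kc": kbb}      # S1669-S1679: Kb is replaced by Kbb

    def take(self, entry: int) -> dict:
        return self.region.pop(entry)                  # a shifted license leaves the region


class HardDisk:
    """Content list file 150, license administration files 152x, encrypted private file 160."""
    def __init__(self, device: LicenseAdministrationDevice, private_info: dict):
        self.content_list = {}    # content ID -> {"content_file": name, "license_file": name}
        self.license_files = {}   # name -> {"storage": ("entry", n) | ("private", n) | NO_LICENSE}
        self.encrypted_private_file = seal(device.binding_key(), json.dumps(private_info).encode())


def read_private_file(disk: HardDisk, device: LicenseAdministrationDevice) -> dict:
    """Obtain Kb from the device and decrypt file 160 (S1616); keys are private info numbers."""
    return json.loads(unseal(device.binding_key(), disk.encrypted_private_file))


def take_license(disk: HardDisk, device: LicenseAdministrationDevice, content_id: str, shift: bool) -> dict:
    """Content list -> license administration file -> storage place, then read the license.
    For a shift (not a copy) the license is removed from where it lived; when it lived in the
    private file, the file is re-encrypted under a fresh Kbb that replaces Kb in the device."""
    laf = disk.license_files[disk.content_list[content_id]["license_file"]]
    if laf["storage"] == NO_LICENSE:
        raise LookupError("no license for " + content_id)
    kind, number = laf["storage"]
    if kind == "entry":
        lic = device.take(number) if shift else dict(device.region[number])
    else:
        private = read_private_file(disk, device)
        lic = private[str(number)]
        if shift:
            del private[str(number)]                                  # S1668: drop private info n
            kbb = os.urandom(32)                                      # S1667: new binding key Kbb
            disk.encrypted_private_file = seal(kbb, json.dumps(private).encode())
            device.register_binding_key(kbb)
    if shift:
        laf["storage"] = NO_LICENSE                                   # S1666
    return lic


def build_demo():
    """Constructed sample state (not from the patent): A and B sit in the private file as
    private information 1 and 2, C sits at device entry 1."""
    device = LicenseAdministrationDevice(os.urandom(32))
    device.region[1] = {"Kc": "kc-C", "ACm": {"shift_copy": "shift"}}
    private = {"1": {"Kc": "kc-A", "ACm": {"shift_copy": "shift"}, "checkout": 3},
               "2": {"Kc": "kc-B", "ACm": {"shift_copy": "copy"}, "checkout": 3}}
    disk = HardDisk(device, private)
    for cid, cf, lf, storage in [("content-A", "1532", "1522", ("private", 1)),
                                 ("content-B", "1534", "1524", ("private", 2)),
                                 ("content-C", "1531", "1521", ("entry", 1))]:
        disk.content_list[cid] = {"content_file": cf, "license_file": lf}
        disk.license_files[lf] = {"storage": storage, "content_id": cid}
    return disk, device
```

The point of re-encrypting under a fresh Kbb rather than merely rewriting file 160 under the old Kb is that any copy of the old encrypted private file kept by the user still decrypts under the old key; once Kb is overwritten in the device, that copy becomes unreadable, so the shifted license cannot be resurrected from a backup.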

Referring to FIG. 63, after step S1663 or S1664 in FIG. 61, personal computer 80 performs the binding key obtaining processing to obtain binding key Kb2 from the license administration device incorporated therein. Personal computer 80 performs the series of processing from step S1679 to step S1694 in FIG. 64 as the binding key obtaining processing, similarly to personal computer 50; this processing is the same as the series of processing from step S1006 in FIG. 42 to step S1034 in FIG. 43 illustrating distribution 3, except that the binding license (transaction IDb2, content IDb2, binding key Kb2, and control information ACmb2 and ACpb2) is obtained and session keys Ks2g and Ks2f are used instead of session keys Ks2a and Ks2b, respectively. Accordingly, description thereof is not repeated.

Referring to FIG. 64, when binding key Kb2 is obtained, the license administration module of personal computer 80 obtains encrypted private file 160 from the hard disk of personal computer 80 via bus BS2, and decrypts encrypted private file 160 thus obtained with binding key Kb2 to obtain the plaintext of the private file (step S1695). Thereafter, the license administration module adds the license (transaction ID, content ID, license key Kc, access control information ACm and reproduction control information ACp) and the check-out information received from personal computer 50 to the plaintext of the private file as new private information n2 (step S1696). Then, the license administration module encrypts the plaintext of the private file with binding key Kb2 to update encrypted private file 160 recorded on the hard disk (step S1697).

When both step S1665 in FIG. 61 and step S1697 have ended, license administration module 511 of personal computer 50 reads the content file (encrypted content data {Dc}Kc and additional information Dc-inf) recorded on hard disk 530, and sends encrypted content data {Dc}Kc and additional information Dc-inf to personal computer 80 via communication cable 90 (step S1698).

The license administration module of personal computer 80 receives and accepts encrypted content data {Dc}Kc and additional information Dc-inf (step S1699), and records them as the content file on the hard disk via bus BS2 (step S1700). Further, the license administration module produces the license administration file, containing private information number n2, the transaction ID and the content ID, for the content file storing encrypted content data {Dc}Kc and additional information Dc-inf, and records it on the hard disk (step S1701). The license administration module adds the accepted content to the content list file recorded on the hard disk (step S1702), and the shift/copy operation ends (step S1703).

As described above, the license of the encrypted content data obtained by license administration module 511 of personal computer 50 is administered with binding key Kb, whereby the encrypted content data and the license can be shifted or copied from personal computer 50 to personal computer 80.

According to the second embodiment, the license of the encrypted content data obtained by software in the license administration module incorporated in the personal computer is administered by the binding key, which is administered by hardware in the license administration device. Thereby, the encrypted content data and the license can be sent to another personal computer under the concept of "shift/copy", in the same way as the license of encrypted content data obtained by the license administration device.

THIRD EMBODIMENT

Referring to FIG. 65, description will now be given of the manner of administering the license of the encrypted content data obtained by license administration module 511 according to a third embodiment.

The structure of content list file 150 is the same as in the second embodiment. Hard disk 530 carries encrypted private file 162, which stores the same transaction IDb, content IDb and binding key Kb as are stored in license administration device 520. Encrypted private file 162 is uniquely encrypted depending on, e.g., the serial number of the CPU of personal computer 50, to prevent it from being taken out of personal computer 50. Among license administration files 1522, * * * and 152k, license administration files 1522 and 152k correspond to licenses obtained by license administration module 511. License administration files 1522 and 152k contain encrypted private information, i.e., the private information consisting of the license and the check-out information, encrypted in the same way as the encrypted private file, together with plaintext information relating to the license. The binding license is always stored at entry number "0" of license administration device 520.

License administration files 1521 and 1524 correspond to licenses stored in license administration device 520. Instead of encrypted private information, these files store the entry numbers specifying the entries for the licenses in license region 5215B of license administration device 520. The structures of the other files and of license region 5215B are the same as in the second embodiment in FIG. 56, and therefore description thereof is not repeated.

When the license is to be taken out from license administration file 1521, * * * or 152k, the procedure depends on what the file contains. If it contains encrypted private information, entry number "0" is sent to license administration device 520, binding key Kb is thereby obtained from license administration device 520, and it is determined whether binding key Kb thus obtained matches binding key Kb stored in encrypted private file 162. When they match, the encrypted private information is decrypted to obtain the license and the check-out information. When they do not match, obtaining of the license is inhibited and the processing is stopped. If the file contains an entry number, the processing is entrusted to license administration device 520. If it contains "no license", no license exists and the processing is stopped. According to the third embodiment, therefore, all processing for a license of the low security level (level 1) is performed such that the license of the encrypted content data cannot be taken out of license administration files 1522, * * * and 152k unless binding key Kb stored in license administration device 520 matches binding key Kb stored in encrypted private file 162.

According to the third embodiment, therefore, the license of the encrypted content data obtained by license administration module 511 can be administered with binding key Kb, and the encrypted content data and the license can be shifted from personal computer 50 to personal computer 80, similarly to the second embodiment already described.

[Initialization]

FIGS. 66-68 are first to third flow charts illustrating the initialization of encrypted private file 162 according to the third embodiment. The flow charts of FIGS. 66-68 are the same as those of FIGS. 36-38, except that step S956 in the flow charts of FIGS. 36-38 is replaced with step S956a. After step S954 in FIG. 68, therefore, license administration module 511 stores transaction IDb, content IDb and binding key Kb in the plaintext of the private file, produces encrypted private file 162 by uniquely encrypting the plaintext of the private file, and records encrypted private file 162 thus produced on hard disk 530 (step S956a). Then, the initializing operation ends (step S958).

[Distribution 4]

FIGS. 69-72 are first to fourth flow charts for illustrating the operation of receiving the encrypted content data and the license from distribution server 10 by license administration module 511, respectively. The flow charts of FIGS. 69-72 are the same as the flow charts of FIGS. 39-43 except that the steps between steps S266 and S268 and step S288 are replaced with steps S286a-S287a. Referring to FIG. 72, after production of the check-out information in steps S266 and S268, license administration module 511 uniquely encrypts the accepted license (transaction ID, content ID, license key Kc, access control information ACm and reproduction control information ACp) and the check-out information to produce the encrypted private information (step S286a). License administration module 511 produces the license administration file, which includes the encrypted private information thus produced, transaction ID and content ID, and records it on hard disk 530 (step S287a). Thereafter, the operation moves to step S288, and the respective steps already described are executed so that the operation of distributing the encrypted content data and the license ends.

[Ripping]

FIGS. 73 and 74 are first and second flow charts for illustrating the ripping operation of obtaining the encrypted content data and the license from a music CD by license administration module 511 according to the third embodiment. The flow charts of FIGS. 73 and 74 are the same as the flow charts of FIGS. 44-46 except that the steps between steps S1112 and S314 in the flow charts of FIGS. 44-46 are replaced with steps S723a-S724a. Referring to FIG. 74, after step S1112, license administration module 511 uniquely encrypts the accepted license (transaction ID, content ID, license key Kc, access control information ACm and reproduction control information ACp) and the check-out information to produce the encrypted private file (step S723a). License administration module 511 produces the license administration file including the produced and encrypted private file, the transaction ID and the content ID, and records it on hard disk 530 (step S724a). Thereafter, the operation moves to step S314, and the respective steps already described are executed so that the operation of ripping the encrypted content data and the license ends.

[Check-Out]

FIGS. 75-79 are first to fifth flow charts for illustrating the operation of checking out the encrypted content data and the license obtained by license administration module 511 to memory card 110 attached to reproduction terminal 102 according to the third embodiment. The flow charts of FIGS. 75-79 are the same as the flow charts of FIGS. 47-51 except that steps S1230 and S1232 in the flow charts of FIGS. 47-51 are replaced with steps S516a, S516b and S517a, steps S1298, S1302 and S1304 are deleted, and steps S1308 and S1310 are replaced with steps S552a and S553a. After step S1228 in FIG. 76, license administration module 511 takes out encrypted private file 160 recorded on hard disk 530, and decrypts it to obtain binding key Kb stored therein (step S516a). License administration module 511 determines whether binding key Kb obtained from license administration device 520 matches with binding key Kb obtained from encrypted private file 160 or not. When these binding keys Kb do not match with each other, the operation moves to step S561, and the check-out operation ends. When these binding keys Kb match with each other, the operation moves to the next step S517a (step S516b).

When binding key Kb obtained from license administration device 520 matches with binding key Kb obtained from encrypted private file 160, the encrypted private file is obtained from the license administration file, and is decrypted to obtain the license (license key Kc, transaction ID, content ID, access control information ACm and reproduction control information ACp) (step S517a). Then, the operation moves to step S1234.

After step S1306 in FIG. 79, license administration module 511 uniquely encrypts the private information reflecting the updated check-out information to produce the encrypted private file (step S552a), and updates the license administration file including the encrypted private information (step S553a). Thereafter, the operation moves to step S554, and the respective steps already described are executed so that the operation of checking out the encrypted content data and the license ends.

As described above, only when the binding key stored in license administration device 520 matches with the binding key stored in encrypted private file 160 does the license administration module obtain the encrypted content data and the license from the license administration file. According to the second embodiment, therefore, the binding key is substantially used to administer the license of the encrypted content data.

[Check-In]

FIGS. 80-83 are first to fourth flow charts for illustrating the operation of checking in the encrypted content data and the license, which were checked out to memory card 110 attached to reproduction terminal 102, by license administration module 511, respectively. The flow charts of FIGS. 80-83 are the same as the flow charts of FIGS. 52-55 except that steps S1432 and S1434 in the flow charts of FIGS. 52-55 are replaced with steps S616a, S616b and S617a, and steps S1488 and S1490 are replaced with steps S644a and S645a.

After step S1430 in FIG. 81, license administration module 511 obtains encrypted private file 160 recorded on hard disk 530, and decrypts it to obtain binding key Kb stored therein (step S616a). License administration module 511 determines whether binding key Kb obtained from license administration device 520 matches with binding key Kb obtained from encrypted private file 160 or not. When these binding keys Kb do not match with each other, the operation moves to step S1506, and the check-in operation ends. When these binding keys Kb match with each other, the operation moves to the next step S1436 (step S616b).

When binding key Kb obtained from license administration device 520 matches with binding key Kb obtained from encrypted private file 160, the encrypted private file is obtained from the license administration file, and is decrypted to obtain the license (license key Kc, transaction ID, content ID, access control information ACm and reproduction control information ACp) (step S617a). Then, the operation moves to the next step S1436.

After step S1486 in FIG. 83, license administration module 511 uniquely encrypts the private information reflecting the updated check-out information to produce the encrypted private file (step S644a), and updates the license administration file including the encrypted private file (step S645a). Thereafter, the operation moves to step S1492, and the respective steps already described are executed. Thereby, the operation of checking in the encrypted content data and the license ends.

[Shift/Copy 3]

FIGS. 84-90 are first to seventh flow charts for illustrating the operation of shifting the encrypted content data and the license received by license administration module 511 from personal computer 50 to personal computer 80 according to the third embodiment, respectively. The flow charts of FIGS. 84-90 are the same as the flow charts of FIGS. 57-64 except that steps S800a-S800c are inserted between steps S1600 and S1601 in the flow charts of FIGS. 57-64, the steps between steps S1615 and S1620 are replaced with steps S816a and S817a, step S1667 is replaced with steps S867a and S867b, and the steps between steps S1662 and S1663 and step S1698 are replaced with steps S895a-S896a.

After step S1600 in FIG. 84, license administration module 511 decrypts the encrypted private file of the license administration file to obtain the private information (transaction ID, content ID, license key Kc, access control information ACm, reproduction control information ACp and check-out information) (step S800a). License administration module 511 determines, based on access control information ACm obtained in step S800a, whether the shift and copy of the encrypted content data and the license are allowed or not. When license administration module 511 determines that the shift and copy of the encrypted content data and the license are inhibited, the operation moves to step S1703, and the shift operation ends. When the shift and copy of the encrypted content data and the license are not inhibited, the operation moves to step S800c (step S800b).

When the shift and copy of the encrypted content data and the license are allowed, license administration module 511 determines, based on the check-out information, whether the check-out is allowed or not. When the check-out is not allowed, the operation moves to step S1703, and the shift/copy operation ends. When the check-out is allowed, the operation moves to step S1601.

After step S1615 in FIG. 85, license administration module 511 obtains encrypted private file 160 recorded on hard disk 530 to obtain binding key Kb stored therein (step S816a). License administration module 511 determines whether binding key Kb obtained from license administration device 520 matches with binding key Kb obtained from encrypted private file 162 or not. When these binding keys Kb do not match with each other, the operation moves to step S1703, and the shift operation ends. When these binding keys Kb match with each other, the operation moves to step S1620 (step S817a).

After step S1666 in FIG. 88, license administration module 511 writes binding key Kb over binding key Kbb stored in the plaintext of the private file (step S867a), produces the encrypted private file by unique encryption, and writes the encrypted private file thus produced over encrypted private file 160 on hard disk 530 to provide new encrypted private file 160 (step S867b). Then, the operation moves to step S1668 in FIG. 89.

In steps S1662 and S1663 illustrated in FIG. 90, after the check-out information is prepared, license administration module 511 uniquely encrypts the accepted license (transaction ID, content ID, license key Kc, access control information ACm and reproduction control information ACp) and the check-out information to produce the encrypted private file (step S895a). License administration module 511 produces the license administration file including the encrypted private file thus produced, transaction ID and content ID, and records it on hard disk 530 (step S896a). Thereafter, the operation moves to step S1698, and the respective steps already described are executed. Thereby, the operation of distributing the encrypted content data and the license ends.

Processing and operations other than the above are the same as those in the second embodiment.

According to the third embodiment, the license administration module incorporated in the personal computer administers the license of the encrypted content data, which is obtained by software, with the binding key administered by hardware in the license administration device. Therefore, similarly to the license of the encrypted content data obtained by the license administration device, the encrypted content data and the license can be sent to another computer according to the concept of “shift/copy”.
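A model of the third embodiment's binding-key check and Kb rotation, added here as an illustration and not code from the patent: the license administration device holds Kb in hardware, the module seals Kb in the encrypted private file and each license in a license administration file, and a license is taken out or shifted only when the two Kb values match. The page does not specify the terminal's unique encryption or the check-out information format, so a constructed SHAKE-256 keystream cipher keyed by a terminal secret and a constructed checked_out_to list stand in for them; all class and method names are assumed.

```python
"""Added illustration of the third embodiment, not the patent's own code.
The terminal's "unique encryption" is unspecified on the page, so a constructed
SHAKE-256 keystream cipher keyed by a secret peculiar to the terminal stands in
for it (cf. claim 19); all class and method names are assumed."""
import hashlib, json, secrets


def _seal(terminal_secret: bytes, nonce: bytes, data: bytes) -> bytes:
    keystream = hashlib.shake_256(terminal_secret + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, keystream))


def unique_encrypt(terminal_secret: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)              # fresh nonce per file
    return nonce + _seal(terminal_secret, nonce, plaintext)


def unique_decrypt(terminal_secret: bytes, blob: bytes) -> bytes:
    return _seal(terminal_secret, blob[:16], blob[16:])


class LicenseAdministrationDevice:
    """Hardware side (device 520): binding license kept under entry number 0."""

    def __init__(self):
        self._license_region = {}

    def store_binding_license(self, kb: bytes) -> None:
        self._license_region[0] = kb             # overwritten on each rotation

    def binding_key(self) -> bytes:
        return self._license_region[0]


class LicenseAdministrationModule:
    """Software side (module 511); hard_disk is a dict standing in for disk 530."""

    def __init__(self, terminal_secret: bytes, hard_disk: dict):
        self._secret = terminal_secret
        self.hard_disk = hard_disk

    def _write_private_file(self, plaintext: dict) -> None:
        data = json.dumps(plaintext).encode()
        self.hard_disk["private_file"] = unique_encrypt(self._secret, data)

    def _read_private_file(self):
        try:
            return json.loads(unique_decrypt(self._secret, self.hard_disk["private_file"]))
        except ValueError:                       # file was sealed on another terminal
            return None

    # [Initialization] step S956a: seal transaction IDb, content IDb and Kb
    def initialize(self, device, transaction_idb: str, content_idb: str) -> None:
        kb = secrets.token_bytes(16)
        device.store_binding_license(kb)
        self._write_private_file({"transaction_idb": transaction_idb,
                                  "content_idb": content_idb, "kb": kb.hex()})
        self.hard_disk["license_files"] = {}

    # [Distribution 4] / [Ripping] steps S286a-S287a: license administration file
    def accept_license(self, license_: dict, checkout_info: dict) -> None:
        private = json.dumps({"license": license_, "checkout": checkout_info})
        self.hard_disk["license_files"][license_["transaction_id"]] = {
            "transaction_id": license_["transaction_id"],
            "content_id": license_["content_id"],
            "encrypted_private_information": unique_encrypt(self._secret, private.encode()),
        }

    # [Check-Out] steps S516a/S516b: compare the device's Kb with the sealed Kb
    def _binding_keys_match(self, device) -> bool:
        plain = self._read_private_file()
        if plain is None:
            return False
        return secrets.compare_digest(bytes.fromhex(plain["kb"]), device.binding_key())

    # [Check-Out] step S517a: release the private information only on a match
    def take_out_license(self, device, transaction_id: str):
        if not self._binding_keys_match(device):
            return None                          # step S561: operation ends
        entry = self.hard_disk["license_files"].get(transaction_id)
        if entry is None:
            return None                          # "no license"
        return json.loads(unique_decrypt(self._secret, entry["encrypted_private_information"]))

    # [Shift/Copy 3] sender side: S800a-S800c checks, then S867a/S867b rotate Kb
    def shift_out(self, device, transaction_id: str):
        private = self.take_out_license(device, transaction_id)
        if private is None or not private["license"]["acm"].get("shift_copy_allowed"):
            return None                          # step S800b: ACm inhibits shift/copy
        if private["checkout"]["checked_out_to"]:
            return None                          # step S800c (constructed check-out format)
        del self.hard_disk["license_files"][transaction_id]
        new_kb = secrets.token_bytes(16)         # Kbb produced in step S1666
        plain = self._read_private_file()
        plain["kb"] = new_kb.hex()               # S867a: overwrite the old Kb
        self._write_private_file(plain)          # S867b: new encrypted private file 160
        device.store_binding_license(new_kb)     # the device now holds the new Kb
        return private["license"]
```

Copying the files to another terminal, or pairing them with a different license administration device, yields no license at all, which is the property the embodiment relies on.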

In the second and third embodiments, license administration device 520 can store the binding license and the distributed license. However, it may serve as an administration device dedicated to the binding license.

In the description of the first and second embodiments already given, the binding key is changed only when the license is changed in the shift/copy operation. For safer administration, however, the system may be configured to change the binding key even when the check-out information is changed in the check-out and check-in operations. This can improve the safety in the check-out and check-in operations to attain the same safety level as that in the shift/copy operation.

This can be achieved, for example, in the check-out operation according to the first embodiment by such a manner that the authentication processing of the license administration device from step S1620 in FIG. 58 to step S1633 in FIG. 59 is added between steps S1228 and S1230 in FIG. 48, the binding key production processing in step S1667 is added between steps S1308 and S1310 in FIG. 51, and the binding key registration processing from step S1669 to step S1679 in FIG. 62 is added between steps S1310 and S1312 in FIG. 51. The above can also be achieved in the check-in operation by such a manner that the authentication processing of the license administration device from step S1620 in FIG. 58 to step S1633 in FIG. 59, the binding key production processing in step S1667 in FIG. 61, and the binding key registration processing from step S1669 to step S1679 in FIG. 62 are added between steps S1430 and S1432 in FIG. 53, between steps S1488 and S1490 in FIG. 55 and between steps S1490 and S1492, respectively.

According to the second embodiment, the foregoing safety improvement can be achieved by such a manner that the authentication processing of the license administration device from step S1620 in FIG. 85 to step S1633 in FIG. 86, the binding key production processing in steps S1666 and S867a in FIG. 88, and the binding key registration processing from step S1668 to step S1678 in FIG. 89 are added, as a series of processing, between steps S516b and S517a in FIG. 76 in the case of the check-out operation, and between steps S616b and S617a in FIG. 81 in the case of the check-in operation, respectively.

Although the entry number designating the binding license is designated, a dedicated entry may be provided for distinguishing it from the license at a high level.

Although the present invention has been described and illustrated in detail, it is clearly understood that the same is by way of illustration and example only and is not to be taken by way of limitation, the spirit and scope of the present invention being limited only by the terms of the appended claims.

INDUSTRIAL APPLICABILITY

According to the invention, the data terminal device administers the license of the encrypted content data, which is obtained by software in the incorporated license administration module, with the binding key administered by hardware in the license administration device, and sends the encrypted content data and the license obtained to another personal computer according to the concept of “shift” similarly to the license of the encrypted content data obtained by the license administration device. Therefore, the invention can be applied to the data terminal device, which can shift the license of the encrypted content data obtained by software to another data terminal device.

1. A data terminal device obtaining encrypted content data prepared by encrypting content data and a license for decrypting said encrypted content data to obtain original plaintext, and providing said encrypted content data and said license to another data terminal device, comprising: a module unit administering the obtaining, storing and providing of said license; a device unit producing an encrypted private file by encrypting a private file including a plurality of licenses, and storing a binding license including a binding key for decrypting said encrypted private file to extract the private file in a dedicated region; a storing unit storing data; and a control unit, wherein said storing unit stores: a plurality of encrypted content data, and an encrypted private file including said plurality of licenses, and encrypted with said binding key; in providing said license, said control unit reads said encrypted private file from said storing unit, and provides said encrypted private file to said module unit; said module unit obtains the binding license from said device unit, extracts the binding key from the obtained binding license, and provides the license obtained by decrypting said encrypted private file with the extracted binding key.

2. The data terminal device according to claim 1, wherein in initializing said encrypted private file, said module unit produces said binding license including said binding key, produces a private file not including said license, encrypts the produced private file with said produced binding key to produce said encrypted private file, and provides said produced binding license to said device unit, and said control unit stores said encrypted private file produced by said module unit in said storing unit.

3. The data terminal device according to claim 1, wherein in obtaining said license, said control unit provides the obtained license to said module unit, reads said encrypted private file stored in said storing unit, and provides the read encrypted private file to said module unit, said module unit obtains said binding license from said device unit, decrypts said provided and encrypted private file with said binding key included in said binding license obtained from said device unit, adds said provided license to the decrypted private file to update said private file, and encrypts the updated private file with said binding key to produce the updated and encrypted private file, and said control unit overwrites said encrypted private file stored in said storing unit with said encrypted private file produced and updated by said module unit.

4. The data terminal device according to claim 1, wherein in providing said license, said control unit provides said encrypted content data corresponding to said license and stored in said storing unit to a provision destination of said license.

5. The data terminal device according to claim 1, wherein after providing said license, said module unit produces one new binding key, produces one new binding license including the produced one new binding key, produces one new encrypted private file by encrypting said private file with said one new binding key, and provides said produced one new binding license to said device unit, said device unit stores said received one new binding license in said dedicated region by overwriting, and said control unit overwrites said encrypted private file stored in said storing unit with said one new encrypted private file produced by said module unit.

6. The data terminal device according to claim 1, wherein in providing said license to said different data terminal device, said control unit receives authentication data from said different data terminal device, and provides said authentication data to said module unit; when said module unit authenticates the received authentication data, said module unit constructs an encryption path to said different data terminal device via said control unit, and provides said extracted license to said different data terminal device via said encryption path; and after providing the license, said module unit produces one new binding key, produces one new binding license including the produced one new binding key, deletes the sent license from said private file, encrypts the private file previously including said sent and deleted license with said one new binding key to produce one new encrypted private file, and provides said produced one new binding license to said device unit, said device unit stores said received one new binding license in said dedicated region by overwriting, and said control unit overwrites said encrypted private file stored in said storing unit with said one new encrypted private file produced by said module unit.

7. The data terminal device according to claim 1, wherein in obtaining said binding license from said device unit, said module unit provides authentication data peculiar to said module unit itself to said device unit, constructs an encryption communication path to said device unit in response to authentication of said authentication data by said device unit, and obtains said binding license from said device unit via the constructed encryption communication path.

8. The data terminal device according to claim 1, wherein in providing said binding license to said device unit, said module unit receives the authentication data from said device unit, constructs an encryption communication path to said device unit in response to authentication of the received authentication data, and provides said binding license to said device unit via the constructed encryption communication path.

9. The data terminal device according to claim 3, wherein in obtaining said encrypted content data and said license from said distribution server connected over a data communication network, said control unit obtains said encrypted content data from said distribution server over said data communication network, and said module unit provides the authentication data peculiar to said module unit itself via said control unit and over said data communication network, constructs an encryption communication path to said distribution server, and obtains said license from said distribution server via the constructed encryption communication path.

10. The data terminal device according to claim 1, wherein when the content data is obtained, said control unit provides the obtained content data to said module unit, reads said encrypted private file stored in said storing unit, and provides the read encrypted private file to said module unit, said module unit produces a license for said provided content data, produces encrypted content data by encrypting said provided content data with said produced license in a reproducible manner, obtains said binding license from said device unit, decrypts said provided and encrypted private file with the binding key included in said obtained binding license, updates said private file by newly adding said produced license to the decrypted private file, produces the updated and encrypted private file by encrypting the updated private file with said binding key, and said control unit overwrites said encrypted private file stored in said storing unit with said updated and encrypted private file produced by said module unit, and stores the encrypted content data produced by said module unit in said storing unit.

11. The data terminal device according to claim 1, wherein said encrypted private file includes, for each license, check-out information for checking out said license to a data recording device, in providing said license to said data recording device, said control unit receives authentication data from said data recording device, and provides the received authentication data to said module unit, when said module unit authenticates the authentication data received from said data recording device, said module unit constructs an encryption path to said data recording device via said control unit, obtains the binding license from said device unit, extracts said license to be provided and said check-out information from the decrypted private file, produces a check-out license to be checked out to said data recording device based on said license to be provided when it is determined from the extracted check-out information that check-out of the license is allowed, constructs an encryption path to said data recording device via said control unit, provides said check-out license to said data recording device via said encryption path, obtains specifying information for specifying said data recording device via said encryption path, produces new check-out information by adding the obtained specifying information to said check-out information, produces one new private file by overwriting said check-out information of said private file with said new check-out information, and produces one new encrypted private file by encryption with said binding key, and said control unit overwrites the encrypted private file stored in said storing unit with said one new encrypted private file produced by said module unit.

12. The data terminal device according to claim 1, wherein said encrypted private file includes, for each license, check-out information for checking out said license to a data recording device, in providing said license to said data recording device, said control unit receives authentication data from said data recording device, and provides the received authentication data to said module unit, when said module unit authenticates the authentication data received from said data recording device, said module unit constructs an encryption path to said data recording device via said control unit, extracts said license to be provided and said check-out information from the decrypted private file, produces a check-out license to be checked out to said data recording device based on said license to be sent when it is determined from the extracted check-out information that check-out of the license is allowed, provides said check-out license to said data recording device via said encryption path, and obtains specifying information for specifying said data recording device via said encryption path, after providing said license, said module unit produces one new binding key, produces one new binding license including the produced new binding key, produces new check-out information by adding said obtained specifying information to said check-out information, produces one new private file by overwriting said check-out information of said private file with said new check-out information, produces one new encrypted private file by encrypting said produced one new private file with said one new binding key, and provides said produced one new binding license to said device unit, said device unit stores the received one new binding license in said dedicated region by overwriting, and said control unit overwrites said encrypted private file stored in said storing unit with said one new encrypted private file produced by said module unit.
 13. A dataterminal device obtaining encrypted content data prepared by encryptingcontent data and a license for decrypting said encrypted content data toobtain original plaintext, and providing said encrypted content data andsaid license to another data terminal device, comprising: a module unitadministering the obtaining, storing and providing of said license,producing a dedicated license including said license and encryptedsuitably to the administration, and decrypting said dedicated license; adevice unit storing a binding license including a binding key in adedicated region; a storing unit storing data; and a control unit,wherein said storing unit stores: a plurality of encrypted content data,a plurality of administration files including said dedicated license,and an encrypted private file encrypted uniquely and including saidbinding license as a component; in providing said license, said controlunit reads said encrypted private file and said administration filesfrom said storing unit, and provides said encrypted private file andsaid administration files to said module unit; said module unit extractsthe binding license by decrypting said encrypted private file, obtainsthe binding license from said device unit, and provides the licenseobtained by decrypting the dedicated license included in saidadministration files when said obtained binding license matches with thebinding license extracted from said encrypted private file.
 14. The dataterminal device according to claim 13, wherein in initializing saidencrypted private file, said module unit produces said binding licenseincluding said binding key, produces a private file storing saidproduced binding license, uniquely encrypts the produced private file toproduce said encrypted private file, and provides said produced bindinglicense to said device unit, and said control unit stores said encryptedprivate file produced by said module unit in said storing unit.
 15. Thedata terminal device according to claim 13, wherein in obtaining saidlicense, said control unit provides the obtained license to said moduleunit, produces said dedicated file including the dedicated licenseproduced by said module unit, and stores said dedicated file in saidstoring unit, and said module unit uniquely encrypts said providedlicense to produce said dedicated license.
 16. The data terminal deviceaccording to claim 13, wherein in providing said license, said controlunit sends the encrypted content data corresponding to said license andstored in said storing unit to a destination of said license.
 17. Thedata terminal device according to claim 13, wherein after providing saidlicense, said module unit produces one new binding key, produces one newbinding license including the produced one new binding key, produces onenew private file including said produced one new binding license,produces one new encrypted private file by uniquely encrypting saidproduced one new private file, and provides said produced one newbinding license to said device unit, said device unit stores saidreceived one new binding license in said dedicated region byoverwriting, and said control unit overwrites said encrypted privatefile stored in said storing unit with said one new encrypted privatefile produced by said module unit, and deletes the administration fileincluding said license.
 18. The data terminal device according to claim13, wherein in providing said license to said different data terminaldevice, said control unit receives authentication data from saiddifferent data terminal device, and provides said authentication data tosaid module unit, and said module unit constructs an encryption path tosaid different data terminal device via said control unit when theauthentication data received from said different data terminal device isauthenticated, and provides the license obtainable by decrypting saidprovided and dedicated license to said different data terminal devicevia said encryption path; after providing the license, said module unitproduces one new binding key, produces one new binding license includingthe produced one new binding key, produces one new private fileincluding the produced one new binding license, produces one newencrypted private file by uniquely encrypting said produced one newprivate file, and provides said produced one new binding license to saiddevice unit, said device unit stores said received one new bindinglicense in said dedicated region by overwriting, and said control unitoverwrites said encrypted private file stored in said storing unit withsaid one new encrypted private file produced by said module unit, anddeletes the administration file including said license.
 19. The dataterminal device according to claim 13, wherein a manner of said uniquelyencrypting the file is linked with information peculiar to data terminaldevice and obtainable from the data terminal device.
 20. The dataterminal device according to claim 13, wherein in providing said bindinglicense to said device unit, said module unit receives authenticationdata from said device unit, constructs an encryption communication pathto said device unit in response to authentication of the receivedauthentication data, and provides said binding license to said deviceunit via the constructed encryption communication path.
 21. The dataterminal device according to claim 13, wherein in obtaining said bindinglicense from said device unit, said module unit provides authenticationdata peculiar to said module unit itself to said device unit, constructsan encryption communication path to said device unit in response toauthentication of said authentication data by said device unit, andobtains said binding license from said device unit via the constructedencryption communication path.
 22. The data terminal device according toclaim 15, wherein in obtaining said encrypted content data and saidlicense from said distribution server connected over a datacommunication network, said control unit obtains said encrypted contentdata from said distribution server over said data communication network,and said module unit provides the authentication data peculiar to saidmodule unit itself via said control unit and over said datacommunication network, constructs an encryption communication path tosaid distribution server, and obtains said license from saiddistribution server via the constructed encryption communication path.23. The data terminal device according to claim 13, wherein when thecontent data is obtained, said control unit provides the obtainedcontent data to said module unit, produces said administration fileincluding said dedicated license produced by said module unit, andwrites the produced administration file and the encrypted content dataproduced by said module unit in said storing unit, and said module unitproduces a license for said obtained content data, produces encryptedcontent data by encrypting said obtained content data with said producedlicense in a reproducible manner, and produces said dedicated licenseincluding said produced license.
24. The data terminal device according to claim 13, wherein said dedicated license includes check-out information for checking out said license to a data recording device; and in providing said license to said data recording device, said control unit receives authentication data from said data recording device, and provides the received authentication data to said module unit, said module unit produces a check-out license to be checked out to said data recording device based on the extracted license when the authentication data received from said data recording device is authenticated and it is determined according to said check-out information obtainable by decrypting said provided dedicated license that the check-out of the license is allowed; constructs an encryption path to said data recording device via said control unit; provides said check-out license to said data recording device via said encryption path; obtains specifying information specifying said data recording device via said encryption path from said data recording device; produces new check-out information by adding the obtained specifying information to said check-out information; and produces one new dedicated license including said license included in said provided dedicated license and said new check-out information, and said control unit overwrites the dedicated license in the administration file stored in said storing unit with said one new dedicated license produced by said module unit.
25. The data terminal device according to claim 24, wherein after providing said check-out license, said module unit produces one new binding key, produces one new binding license including the produced new binding key, produces one new private file including said produced one new binding license, produces one new encrypted private file by uniquely encrypting the produced one new private file, and provides said produced one new binding license to said device unit, said device unit stores the received one new binding license in said dedicated region by overwriting, and said control unit overwrites said encrypted private file stored in said storing unit with said one new encrypted private file produced by said module unit.
26. A data terminal device obtaining encrypted content data prepared by encrypting content data and a license for decrypting said encrypted content data to obtain original plaintext, and administering said encrypted content data and said license, comprising: a device unit obtaining said license at a first security level, and administering said license at said first security level; a module unit obtaining said license at a second security level lower than said first security level, producing a dedicated license by effecting encryption suitable to administration at said second security level on said license, and administering said license; a storing unit storing data; and a control unit, wherein said device unit includes a recording unit recording said license while keeping a correspondence to an administration number; said storing unit stores: a plurality of first administration files including a plurality of encrypted content data and the administration numbers corresponding to the licenses administered by said device unit, a plurality of second administration files including said dedicated license, and a plurality of encrypted content data corresponding to said first administration file or said second administration file; and when said control unit obtains the license at said first security level, said control unit provides the license obtained at said first security level to said device unit, produces said first administration file, and writes the produced first administration file and the encrypted content data obtained corresponding to the license obtained at said first security level in said storing unit; and, when said control unit obtains the license at said second security level, said control unit provides the license obtained at said second security level to said module unit, obtains said dedicated license including the license obtained at said second security level from said module unit, produces said second administration file, and writes the produced second administration file and the encrypted content data obtained corresponding to the license obtained at said second security level in said storing unit.
27. The data terminal device according to claim 14, wherein when said control unit obtains the license at said first security level, said control unit provides said administration number to said device unit, and produces said first administration file including the same administration number as said provided administration number, and said device unit holds said license based on the administration number received from said control unit.
28. The data terminal device according to claim 26, wherein said module unit produces said dedicated license in an encryption manner determined based on information peculiar to said control unit.
29. The data terminal device according to claim 26, wherein said dedicated license included in said second administration file includes check-out information for checking out the encrypted content data obtained at said second security level to another device.
30. The data terminal device according to claim 26, wherein said control unit obtains said encrypted content data and/or said license from a content supply device.
31. The data terminal device according to claim 30, wherein said device unit further includes an authentication data holding unit for holding the authentication data for said content supply device, and said control unit provides said authentication data read from said device unit to said content supply device, and receives at least said license based on the authentication of said authentication data by said content supply device.
32. The data terminal device according to claim 30, wherein said module unit executes reception of said encrypted content data and said license at said second security level by a program.
33. The data terminal device according to claim 26, wherein when the content data is obtained, said control unit provides the obtained content data to said module unit, said module unit produces said license, produces the encrypted content data by encrypting said obtained content data with said produced license in a reproducible manner, and produces said dedicated license including said produced license, and said control unit obtains said dedicated license including said license produced by said module unit and said produced and encrypted content data from said module unit, produces said second administration file, and writes said produced second administration file and said produced and encrypted content data in said storing unit.
34. The data terminal device according to claim 33, wherein said module unit obtains rules of use assigned to said content data, and produces said license in accordance with the obtained rules of use.
35. The data terminal device according to claim 29, wherein when the content data is obtained, said control unit provides the obtained content data to said module unit, said module unit produces said license, produces the encrypted content data by encrypting said obtained content data with said produced license in a reproducible manner, produces said dedicated license including said produced license, and produces said dedicated license including check-out information for checking out the encrypted content data obtained at said second security level to another device, said control unit obtains said dedicated license including said license produced by said module unit and said produced and encrypted content data from said module unit, produces said second administration file, and writes said produced second administration file and said produced and encrypted content data in said storing unit.
36. The data terminal device according to claim 26, further comprising: an interface unit for transmission to and from a data recording device; and a key operating unit for entering an instruction, wherein said control unit specifies said first administration file stored in said storing unit and said encrypted content data in accordance with a shift instruction applied via said key operating unit, reads said administration number from the specified first administration file, provides the read administration number to said device unit, obtains said specified and encrypted content data from said storing unit, and provides the obtained and encrypted content data to said data recording device via said interface unit, and said device unit constructs an encryption path to said data recording device via said control unit and said interface unit, and provides the license corresponding to said applied administration number to said data recording device via said encryption path.
37. The data terminal device according to claim 36, wherein said device unit erases the license when said device unit provides said license to said data recording device via said encryption path.
38. The data terminal device according to claim 29, further comprising: an interface unit for transmission to and from a data recording device; and a key operating unit for entering an instruction, wherein said control unit specifies said second administration file stored in said storing unit and said encrypted content data in accordance with a shift instruction applied via said key operating unit, reads said dedicated license from the specified second administration file, provides the read dedicated license to said module unit, obtains said specified and encrypted content data from said storing unit, and provides the obtained and encrypted content data to said data recording device via said interface unit, said module unit decrypts said applied dedicated license, constructs an encryption path to said data recording device via said control unit and said interface unit based on said check-out information included in said dedicated license, produces the check-out license based on said license included in said provided dedicated license, provides the produced check-out license to said data recording device via said encryption path, obtains specifying information specifying said data recording device via said encryption path from said data recording device, produces new check-out information by adding the obtained specifying information to said check-out information, and produces one new dedicated license including said license included in said provided dedicated license and said new check-out information, and said control unit overwrites the dedicated license in said second administration file stored in said storing unit with said one new dedicated license produced by said module unit.
39. The data terminal device according to claim 36, wherein said control unit provides encrypted content data and said license to said data recording device based on the authentication of the authentication data obtained from said data recording device via said interface unit.
40. A program to be executed by a computer to obtain and administer a license used for decrypting encrypted content data to obtain original plaintext, wherein the computer executes: a first step of obtaining said license; a second step of decrypting an encrypted private file to obtain a binding license including a binding key for encrypting the encrypted private file; a third step of obtaining said encrypted private file, and decrypting said obtained and encrypted private file with the binding key included in said binding license to obtain a private file; a fourth step of writing said obtained license into said private file, encrypting again the private file including said written license with said binding key to produce one new encrypted private file, and overwriting said encrypted private file with the produced one new encrypted private file.
41. The program to be executed by the computer according to claim 40, wherein the computer further executes: a fifth step of obtaining said encrypted private file and said binding license, extracting the binding key included in the obtained binding license, and decrypting said obtained and encrypted private file with the extracted binding key to obtain the license; and a sixth step of providing a part or all of said extracted license.
42. The program to be executed by the computer according to claim 41, wherein the computer further executes a seventh step of updating said encrypted private file when said sixth step is executed; and said seventh step includes the steps of: deleting the provided license, producing one new binding key, and producing one new binding license including the produced one new binding key, encrypting said private file with said produced one new binding key to produce one new encrypted private file, storing said produced one new binding license, and overwriting the encrypted private file already stored with said produced one new encrypted private file.
43. The program to be executed by the computer according to claim 41, wherein when providing said license to a different data terminal device, said sixth step includes the steps of: receiving authentication data from said different data terminal device, and authenticating said different data terminal device, constructing an encryption communication path to said different data terminal device, and sending the license extracted in said fifth step to said different data terminal device via said encryption path.
44. The program to be executed by the computer according to claim 43, wherein the computer further executes a seventh step of updating said encrypted private file when said sixth step is executed; and said seventh step includes the steps of: producing one new binding key, and producing one new binding license including the produced one new binding key, deleting the sent license from said private file, encrypting the private file previously including said sent license with said one new binding key to produce one new encrypted private file, and overwriting said encrypted private file with said produced one new encrypted private file.
45. The program to be executed by the computer according to claim 40, wherein said encrypted private file includes, for each license, check-out information for checking out said license to a check-out destination; and said computer further executes: a fifth step of authenticating authentication data received from said check-out destination, a sixth step of constructing an encryption path to said check-out destination, a seventh step of obtaining said binding license, decrypting said encrypted private file with the binding key included in said obtained binding license, and extracting said license to be sent and said check-out information from the decrypted private file, an eighth step of determining from said extracted check-out information whether the check-out of the license is allowed or not, a ninth step of producing the check-out license to be checked out to said check-out destination based on the license to be sent when it is determined that the check-out of said license is allowed, a tenth step of sending said produced check-out license to said check-out destination via said encryption path, and obtaining specifying information for specifying said check-out destination via said encryption path from said check-out destination, an eleventh step of producing new check-out information by adding said obtained specifying information to said check-out information, and producing one new private file by overwriting the check-out information in said private file with said new check-out information, a twelfth step of producing one new encrypted private file by encrypting said one new private file with said binding key, and a thirteenth step of overwriting said encrypted private file with said produced one new encrypted private file.
46. The program to be executed by the computer according to claim 40, wherein said encrypted private file includes, for each license, check-out information for checking out said license to a check-out destination; and said computer further executes: a fifth step of authenticating authentication data received from said check-out destination, a sixth step of constructing an encryption path to said check-out destination, a seventh step of obtaining said binding license, decrypting said encrypted private file with the binding key included in said obtained binding license, and extracting said license to be sent and said check-out information from the decrypted private file, an eighth step of determining from said extracted check-out information whether the check-out of the license is allowed or not, a ninth step of producing the check-out license to be checked out to said check-out destination based on the license to be sent when it is determined that the check-out of said license is allowed, a tenth step of sending said check-out license to said check-out destination via said encryption path, and obtaining specifying information for specifying said check-out destination via said encryption path from said check-out destination, an eleventh step of producing one new binding key, and producing one new binding license including the produced one new binding key, a twelfth step of producing new check-out information by adding said obtained specifying information to said check-out information, and producing one new private file by overwriting the check-out information in said private file with said new check-out information, a thirteenth step of producing one new encrypted private file by encrypting said produced one new private file with said one new binding key, and a fourteenth step of overwriting said encrypted private file with said one new encrypted private file.
47. A program to be executed by a computer to obtain and administer a license used for decrypting encrypted content data to obtain original plaintext, wherein the computer executes: a first step of obtaining said license by software; a second step of uniquely encrypting said obtained license to produce a dedicated license; a third step of determining whether a first binding license administered by software matches with a second binding license administered by hardware or not; a fourth step of obtaining said dedicated license administered by software and decrypting the provided dedicated license when said first binding license matches with said second binding license; and a fifth step of providing said decrypted license.
48. The program to be executed by the computer according to claim 47, wherein for initializing an encrypted private file produced by encrypting a private file storing said first binding license, the computer further executes: a sixth step of producing said first binding license including a binding key, a seventh step of producing the private file storing said produced first binding license, an eighth step of uniquely encrypting said produced private file to produce said encrypted private file, and a ninth step of providing said produced first binding license as said second binding license to a device unit.
49. The program to be executed by the computer according to claim 47, wherein after providing said license, the computer further executes: a sixth step of producing one new binding key, and producing one new first binding license including the produced one new binding key, a seventh step of producing one new private file including said produced first binding license, an eighth step of uniquely encrypting said produced one new private file to produce one new encrypted private file, a ninth step of providing said produced one new first binding license to a device unit, and a tenth step of overwriting said encrypted private file already stored with said produced one new encrypted private file.
50. The program to be executed by the computer according to claim 47, wherein for sending said license to a different terminal device, the computer further executes: a sixth step of receiving authentication data from said different terminal device, a seventh step of extracting said first binding license by decrypting said encrypted private file, an eighth step of obtaining said second binding license from said device unit, a ninth step of constructing an encryption communication path to said different terminal device when said obtained second binding license matches with the first binding license extracted from said encrypted private file, and said received authentication data is authenticated, and a tenth step of sending a license obtained by decrypting said provided dedicated license to said different terminal device via said encryption path; and after sending said license, the computer further executes: an eleventh step of producing one new binding key, and producing one new first binding license including the produced one new binding key, a twelfth step of producing one new private file including said produced first binding license, a thirteenth step of uniquely encrypting said produced one new private file to produce one new encrypted private file, a fourteenth step of providing said produced one new first binding license to said device unit, and a fifteenth step of overwriting said encrypted private file already stored with said produced one new encrypted private file.
51. The program to be executed by the computer according to claim 47, wherein a manner of said uniquely encrypting the file is linked with information unique to the data terminal device and obtainable from the data terminal device.
52. The program to be executed by the computer according to claim 47, wherein for providing said first binding license to said device unit, the computer further executes: a sixth step of receiving authentication data from said device unit, a seventh step of constructing an encryption communication path to said device unit when said received authentication data is authenticated, and an eighth step of providing said first binding license to said device unit via said constructed encryption communication path.
53. The program to be executed by the computer according to claim 47, wherein for obtaining said second binding license from said device unit, the computer further executes: a sixth step of providing authentication data to said device unit, a seventh step of constructing an encryption communication path to said device unit when said device unit authenticates said authentication data, and an eighth step of obtaining said second binding license from said device unit via said constructed encryption communication path.
54. The program to be executed by the computer according to claim 47, wherein said dedicated license includes check-out information for checking out said license; and for output performed for the check-out, the computer further executes: a sixth step of receiving authentication data from said check-out destination, a seventh step of reading said encrypted private file and a dedicated license, an eighth step of decrypting said encrypted private file to extract a first binding license, and obtaining a second binding license from said device unit, a ninth step of decrypting said read dedicated license to extract the license and the check-out information, and producing a check-out license to be checked out to said check-out destination based on said extracted license when said obtained second binding license matches with said extracted first binding license, the authentication data received from said check-out destination is authenticated, and it is determined from said extracted check-out information that check-out of the license is allowed, a tenth step of constructing an encryption communication path to said check-out destination, an eleventh step of sending said check-out license to said check-out destination via said encryption path, a twelfth step of obtaining specifying information for specifying said check-out destination via said encryption path from said check-out destination, a thirteenth step of producing new check-out information by adding said obtained specifying information to said check-out information, a fourteenth step of producing one new dedicated license including said extracted license and said new check-out information, and a fifteenth step of overwriting said read dedicated license with said new one dedicated license.
55. The program to be executed by the computer according to claim 54, wherein after sending said check-out license, the computer further executes: a sixteenth step of producing one new binding key, and producing one new first binding license including the produced one new binding key, a seventeenth step of producing one new private file including said produced one new first binding license, and producing one new encrypted private file by uniquely encrypting the produced one new private file, an eighteenth step of providing said produced one new first binding license to said device unit, and a nineteenth step of overwriting the encrypted private file already stored with said produced one new encrypted private file.
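What the steps of claims 40 through 46 amount to in code, as an added example that is not part of the patent: a private file sealed under a binding key Kb that only the device unit holds. Claim 40 adds a license under the unchanged Kb; claims 42, 44 and 46 produce a new Kb after a license has left the file, whereas claim 45 re-encrypts under the old one. Producing a new Kb is what defeats restoring a backup copy of the encrypted private file: the copy is intact, but the only key that opens it has been overwritten in the device unit. The same step recurs in claims 49, 50 and 55 for the dedicated-license variant, so this one block serves both families. Assumptions not taken from the patent: the authenticated encryption is an HMAC-SHA256 encrypt-then-MAC stand-in so the example runs on the Python standard library (a real terminal would use AES-GCM), DeviceUnit is an in-memory stand-in for the license region, the private file is JSON, the sample license and destination names are constructed, and check-out is capped at three destinations.

```python
"""Binding-key-protected private file with rotate-on-transfer: added example
for claims 40-46 and 49-55, not code from the patent. Assumed stand-ins: an
HMAC-SHA256 AEAD so this runs on the standard library (a real terminal would
use AES-GCM), an in-memory DeviceUnit for the hardware license region, and a
limit of three check-out destinations per license."""
import hashlib
import hmac
import json
import os


def _keys(binding_key):
    """Derive separate encryption and MAC keys from the binding key Kb."""
    enc = hmac.new(binding_key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(binding_key, b"mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode: a PRF-based stream cipher stand-in."""
    out = b""
    for counter in range((length + 31) // 32):
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]


def seal(binding_key, plaintext):
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    enc, mac = _keys(binding_key)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()


def unseal(binding_key, blob):
    """Reject the file unless its tag verifies under the Kb the device holds now."""
    enc, mac = _keys(binding_key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("encrypted private file rejected: stale copy or tampered")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc, nonce, len(ct))))


class DeviceUnit:
    """Stand-in for the license region of the license administration device."""
    def __init__(self):
        self.binding_key = None
    def store(self, kb):
        self.binding_key = kb  # overwrite: the previous Kb no longer exists anywhere
    def read(self):
        return self.binding_key


class ModuleUnit:
    """Software side; encrypted_private_file stands in for the file on disk."""
    def __init__(self, device, rekey_on_checkout=True, max_checkouts=3):
        self.device = device
        self.rekey_on_checkout = rekey_on_checkout
        self.max_checkouts = max_checkouts
        self._rekey({})  # initialization (claim 48): fresh Kb, empty private file
    def _rekey(self, private):
        """Produce a new Kb, re-encrypt under it, hand the new Kb to the device unit."""
        kb = os.urandom(32)
        self.encrypted_private_file = seal(kb, json.dumps(private).encode())
        self.device.store(kb)
    def _write(self, private):
        self.encrypted_private_file = seal(self.device.read(), json.dumps(private).encode())
    def _load(self):
        return json.loads(unseal(self.device.read(), self.encrypted_private_file))
    def add_license(self, content_id, license_key):
        """Claim 40: write the license into the private file under the same Kb."""
        private = self._load()
        private[content_id] = {"key": license_key, "checked_out_to": []}
        self._write(private)
    def transfer(self, content_id):
        """Claims 41-44: extract the license, delete it from the file, rotate Kb."""
        private = self._load()
        license_key = private.pop(content_id)["key"]
        self._rekey(private)
        return license_key
    def check_out(self, content_id, destination_id):
        """Claims 45/46: record the destination; claim 46 additionally rotates Kb."""
        private = self._load()
        entry = private[content_id]
        if destination_id in entry["checked_out_to"] or len(entry["checked_out_to"]) >= self.max_checkouts:
            return None
        entry["checked_out_to"].append(destination_id)
        (self._rekey if self.rekey_on_checkout else self._write)(private)
        return entry["key"]
    def licenses(self):
        return sorted(self._load())


def rollback_after_checkout(rekey_on_checkout):
    """Restore a pre-check-out copy of the file and retry the same destination;
    True means the rollback worked and the check-out was replayed."""
    module = ModuleUnit(DeviceUnit(), rekey_on_checkout=rekey_on_checkout)
    module.add_license("song-1", "k1")  # constructed sample license
    backup = module.encrypted_private_file  # attacker copies the file off disk
    module.check_out("song-1", "player-A")
    module.encrypted_private_file = backup  # ...and puts the copy back afterwards
    try:
        return module.check_out("song-1", "player-A") is not None
    except ValueError:
        return False
```

rollback_after_checkout(True) returns False, because the restored copy no longer verifies under the Kb the device unit holds, while rollback_after_checkout(False) returns True, because the same destination can be checked out a second time from the restored copy; that is the practical difference between claims 46 and 45. The "uniquely encrypting" of claims 47 to 55, keyed to information peculiar to the terminal (claim 51), is not modelled here; the dedicated license is folded into the private file.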
56. A program to be executed by a computer to obtain and administer a license used for decrypting encrypted content data to obtain original plaintext, wherein the computer executes: a first step of obtaining said license at a first security level; a second step of obtaining said license at a second security level lower than said first security level; a third step of producing a dedicated license by effecting encryption suitable to administration at said second security level on said license; a fourth step of operating, when the license is obtained at said first security level, to provide the license obtained at said first security level to a device unit, produce a first administration file, and write the produced first administration file and the encrypted content data obtained corresponding to the license obtained at said first security level in a storing unit; and a fifth step of operating, when the license is obtained at said second security level, to provide the license obtained at said second security level to a module unit, obtain the dedicated license including the license obtained at said second security level from said module unit, produce a second administration file, and write the produced second administration file and the encrypted content data obtained corresponding to the license obtained at said second security level in said storing unit.